For SSL connection when actually hostname verification done

Question

For SSL connection when does actually hostname verification done.

Some application servers provide option to disable hostname verification

like in Weblogic it can be disabled at server level

-Dweblogic.security.SSL.ignoreHostnameVerify

We can disable progamitically as discussed here by having custom verifier which implments javax.net.ssl.HostnameVerifier

Is there a generic way to disable hostname verification at server level.

Is this off-topic for StackOverflow? It might belong over at ServerFault... — Jeff B, Aug 31 '16 at 13:25
If you mean to disable verification for certain hosts in your client, something like https://stackoverflow.com/questions/19723415/java-overriding-function-to-disable-ssl-certificate-check/21103499#21103499 will work. — Anand Bhat, Aug 31 '16 at 13:56

score 0 · Answer 1 · answered Sep 06 '16 at 09:45

0

It isn't. Hostname verification is part of HTTPS, not SSL.

answered Sep 06 '16 at 09:45

user207421

how does Weblogic server allows before it even reaching the application – sare Sep 07 '16 at 11:02
Err, because WebLogic is speaking HTTPS? – user207421 Sep 07 '16 at 12:23

1 Answers1