Skip to content

Commit

Permalink
Revert "SECURITY.md: add instruction for disabling Conscrypt's defaul…
Browse files Browse the repository at this point in the history 
…t TrustManager (grpc#6962)" (grpc#7428)

This reverts commit e089cea.
  • Loading branch information
@voidzcy @dfawley
voidzcy authored and dfawley committed Jan 15, 2021
1 parent 0abb7f8 commit 6e4048f
Showing 1 changed file with 1 addition and 6 deletions.
7 changes: 1 addition & 6 deletions SECURITY.md
View file
Expand Up @@ -232,14 +232,9 @@ import java.security.Security;
...

// Somewhere in main()
Security.insertProviderAt(
Conscrypt.newProviderBuilder().provideTrustManager(false).build(), 1);
Security.insertProviderAt(Conscrypt.newProvider(), 1);
```

Note: according to [Conscrypt Implementation Notes](https://github.com/google/conscrypt/blob/2.4.0/IMPLEMENTATION_NOTES.md#hostname-verification),
its default `HostnameVerifier` on OpenJDK always fails. This can be worked
around by disabling its default `TrustManager` implementation as shown above.

### TLS with Jetty ALPN

**Please do not use Jetty ALPN**
Expand Down

0 comments on commit 6e4048f

Please sign in to comment.