Issue with upgrading to 2.3.6

Peter Schober peter.schober at univie.ac.at
Wed Feb 29 21:40:32 GMT 2012


* Chad La Joie <lajoie at shibboleth.net> [2012-02-29 17:52]:
> But honestly if you're going to disable hostname verification then
> just stop using SSL/TLS because without this check you're only
> pretending that your connection is secure.

Well, the confidentiality is still there, you just can't be sure whom
its with (not sure that's proper english) ;)
-peter


More information about the users mailing list