Keep configs mentioned in reference.conf, but commented out

mkurz · mkurz · commit ae4786b29b3d · 2025-10-24T13:14:06.000+02:00
diff --git a/ssl-config-core/src/main/resources/reference.conf b/ssl-config-core/src/main/resources/reference.conf
@@ -22,6 +22,40 @@ ssl-config {
   # The enabled protocols. If empty, uses the platform default.
   enabledProtocols = ["TLSv1.3", "TLSv1.2"]
 
+  # The hostname verifier class.
+  # If non null, should be the fully qualify classname of a class that implements HostnameVerifier,
+  # otherwise the default will be used.
+  #
+  # BE AWARE:
+  # This config is kept for compatibilby only and is NOT used by:
+  #  - SSL Config itself
+  #  - Play WS
+  # This config is used by the following 3rd party libraries and their versions:
+  #  - Pekko < v2, Pekko HTTP < v2
+  #  - Akka <= v2.8, Akka HTTP <= v10.5
+  #hostnameVerifierClass = null
+
+  #sslParameters {
+  #
+  # BE AWARE:
+  # These configs are kept for compatibilby only and are NOT used by:
+  #  - SSL Config itself
+  #  - Play WS
+  # These config are used by the following 3rd party libraries and their versions:
+  #  - Pekko HTTP < v2
+  #  - Akka HTTP <= v10.5
+  #
+  #  # translates to a setNeedClientAuth / setWantClientAuth calls
+  #  # "default" – leaves the (which for JDK8 means wantClientAuth and needClientAuth are set to false.)
+  #  # "none"    – `setNeedClientAuth(false)`
+  #  # "want"    – `setWantClientAuth(true)`
+  #  # "need"    – `setNeedClientAuth(true)`
+  #  clientAuth = "default"
+  #
+  #  # protocols (names)
+  #  protocols = []
+  #}
+
   # Configuration for the key manager
   keyManager {
     # The key manager algorithm. If empty, uses the platform default.
@@ -82,6 +116,32 @@ ssl-config {
     # If non null, overrides the platform default for whether unsafe renegotiation should be allowed.
     allowUnsafeRenegotiation = null
 
+    # Whether hostname verification should be disabled
+    #
+    # BE AWARE:
+    # This config is kept for compatibilby only and is NOT used by:
+    #  - SSL Config itself
+    #  - Play WS
+    # This config is used by the following 3rd party libraries and their versions:
+    #  - Pekko < v2, Pekko HTTP < v2
+    #  - Akka <= v2.8, Akka HTTP <= v10.5
+    #  - Gigahorse (https://github.com/eed3si9n/gigahorse)
+    #disableHostnameVerification = false
+
+    # Whether the SNI (Server Name Indication) TLS extension should be disabled
+    # This setting MAY be respected by client libraries.
+    #
+    # https://tools.ietf.org/html/rfc3546#sectiom-3.1
+    #
+    # BE AWARE:
+    # This config is kept for compatibilby only and is NOT used by:
+    #  - SSL Config itself
+    #  - Play WS
+    # This config is used by the following 3rd party libraries and their versions:
+    #  - Pekko < v2, Pekko HTTP < v2
+    #  - Akka <= v2.8, Akka HTTP <= v10.5
+    #disableSNI = false
+
     # Whether any certificate should be accepted or not
     acceptAnyCertificate = false
   }
