diff --git a/modules/ROOT/pages/kubernetes/security.adoc b/modules/ROOT/pages/kubernetes/security.adoc
index 67ce99056..6d3e35676 100644
--- a/modules/ROOT/pages/kubernetes/security.adoc
+++ b/modules/ROOT/pages/kubernetes/security.adoc
@@ -450,7 +450,7 @@ neo4j@server-1-0:~/bin$ SHOW SERVERS;
 | "dbms.ssl.policy.bolt.tls_versions" | "TLSv1.2" |
 | "dbms.ssl.policy.bolt.trust_all" | "false" |
 | "dbms.ssl.policy.bolt.trusted_dir" | "/var/lib/neo4j/certificates/bolt/trusted" |
-| "dbms.ssl.policy.bolt.verify_hostname" | "false" |
+| "dbms.ssl.policy.bolt.verify_hostname" | "true" |
 | "dbms.ssl.policy.cluster.base_directory" | "/var/lib/neo4j/certificates/cluster" |
 | "dbms.ssl.policy.cluster.ciphers" | "No Value" |
 | "dbms.ssl.policy.cluster.client_auth" | "REQUIRE" |
@@ -462,7 +462,7 @@ neo4j@server-1-0:~/bin$ SHOW SERVERS;
 | "dbms.ssl.policy.cluster.tls_versions" | "TLSv1.2" |
 | "dbms.ssl.policy.cluster.trust_all" | "false" |
 | "dbms.ssl.policy.cluster.trusted_dir" | "/var/lib/neo4j/certificates/cluster/trusted" |
-| "dbms.ssl.policy.cluster.verify_hostname" | "false" |
+| "dbms.ssl.policy.cluster.verify_hostname" | "true" |
 | "dbms.ssl.policy.https.base_directory" | "/var/lib/neo4j/certificates/https" |
 | "dbms.ssl.policy.https.ciphers" | "No Value" |
 | "dbms.ssl.policy.https.client_auth" | "NONE" |
@@ -474,7 +474,7 @@ neo4j@server-1-0:~/bin$ SHOW SERVERS;
 | "dbms.ssl.policy.https.tls_versions" | "TLSv1.2" |
 | "dbms.ssl.policy.https.trust_all" | "false" |
 | "dbms.ssl.policy.https.trusted_dir" | "/var/lib/neo4j/certificates/https/trusted" |
-| "dbms.ssl.policy.https.verify_hostname" | "false" |
+| "dbms.ssl.policy.https.verify_hostname" | "true" |
 +----------------------------------------------------------------------------------------------------+
 37 rows
diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc
index dce382bfc..09e0a9875 100644
--- a/modules/ROOT/pages/security/ssl-framework.adoc
+++ b/modules/ROOT/pages/security/ssl-framework.adoc @@ -269,11 +269,11 @@ The SSL policies are configured by assigning values to parameters of the followi | `trusted_dir` | A directory populated with certificates of trusted parties. | `trusted/` | `revoked_dir` | A directory populated with certificate revocation lists (CRLs). | `revoked/` 3+^.^| *Advanced* -| `verify_hostname` | Enabling this setting turns on client-side hostname verification. +| `verify_hostname` footnote:[In Neo4j 2025.01, the default value is changed from `false` to `true`.] | Enabling this setting turns on client-side hostname verification. After receiving the server's public certificate, the client compares the address it uses against the certificate Common Name (CN) and Subject Alternative Names (SAN) fields. - If the address does not match those fields, the client disconnects. | `false` + If the address does not match those fields, the client disconnects. | `true` | `ciphers` | A comma-separated list of ciphers suites allowed during cipher negotiation. Valid values depend on the current JRE, SSL provider, and TLS version. For Ciphers supported by the Oracle JRE, see the link:https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#jsse-cipher-suite-names[Oracle official documentation].