Change the default value of dbms.ssl.policy.*.verify_hostname to true

modules/ROOT/pages/kubernetes/security.adoc

@@ -450,7 +450,7 @@ neo4j@server-1-0:~/bin$ SHOW SERVERS;
 | "dbms.ssl.policy.bolt.tls_versions"            | "TLSv1.2"                                         |
 | "dbms.ssl.policy.bolt.trust_all"               | "false"                                           |
 | "dbms.ssl.policy.bolt.trusted_dir"             | "/var/lib/neo4j/certificates/bolt/trusted"        |
-| "dbms.ssl.policy.bolt.verify_hostname"         | "false"                                           |
+| "dbms.ssl.policy.bolt.verify_hostname"         | "true"                                           |
 | "dbms.ssl.policy.cluster.base_directory"       | "/var/lib/neo4j/certificates/cluster"             |
 | "dbms.ssl.policy.cluster.ciphers"              | "No Value"                                        |
 | "dbms.ssl.policy.cluster.client_auth"          | "REQUIRE"                                         |
@@ -462,7 +462,7 @@ neo4j@server-1-0:~/bin$ SHOW SERVERS;
 | "dbms.ssl.policy.cluster.tls_versions"         | "TLSv1.2"                                         |
 | "dbms.ssl.policy.cluster.trust_all"            | "false"                                           |
 | "dbms.ssl.policy.cluster.trusted_dir"          | "/var/lib/neo4j/certificates/cluster/trusted"     |
-| "dbms.ssl.policy.cluster.verify_hostname"      | "false"                                           |
+| "dbms.ssl.policy.cluster.verify_hostname"      | "true"                                           |
 | "dbms.ssl.policy.https.base_directory"         | "/var/lib/neo4j/certificates/https"               |
 | "dbms.ssl.policy.https.ciphers"                | "No Value"                                        |
 | "dbms.ssl.policy.https.client_auth"            | "NONE"                                            |
@@ -474,7 +474,7 @@ neo4j@server-1-0:~/bin$ SHOW SERVERS;
 | "dbms.ssl.policy.https.tls_versions"           | "TLSv1.2"                                         |
 | "dbms.ssl.policy.https.trust_all"              | "false"                                           |
 | "dbms.ssl.policy.https.trusted_dir"            | "/var/lib/neo4j/certificates/https/trusted"       |
-| "dbms.ssl.policy.https.verify_hostname"        | "false"                                           |
+| "dbms.ssl.policy.https.verify_hostname"        | "true"                                           |
 +----------------------------------------------------------------------------------------------------+
 
 37 rows

modules/ROOT/pages/security/ssl-framework.adoc

@@ -269,11 +269,11 @@ The SSL policies are configured by assigning values to parameters of the followi
 | `trusted_dir`          | A directory populated with certificates of trusted parties.                            | `trusted/`
 | `revoked_dir`          | A directory populated with certificate revocation lists (CRLs).                        | `revoked/`
 3+^.^| *Advanced*
-| `verify_hostname`      | Enabling this setting turns on client-side hostname verification.
+| `verify_hostname` footnote:[In Neo4j 2025.01, the default value is changed  from `false` to `true`.]      | Enabling this setting turns on client-side hostname verification.
                            After receiving the server's public certificate, the client compares the
                            address it uses against the certificate Common Name (CN) and Subject Alternative
                            Names (SAN) fields.
-                           If the address does not match those fields, the client disconnects.            | `false`
+                           If the address does not match those fields, the client disconnects.            | `true`
 | `ciphers`              | A comma-separated list of ciphers suites allowed during cipher negotiation.
                            Valid values depend on the current JRE, SSL provider, and TLS version.
                            For Ciphers supported by the Oracle JRE, see the link:https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#jsse-cipher-suite-names[Oracle official documentation].