设置客户端ssl时代码引用了这一段:
serverConfig.setClientSslCtx(
SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE)
.build());
我看网上有人说InsecureTrustManagerFactory是非常不安全的,
官方文档也说了https://netty.io/4.1/api/io/netty/handler/ssl/util/InsecureTrustManagerFactory.html
An insecure TrustManagerFactory that trusts all X.509 certificates without any verification.
NOTE: Never use this TrustManagerFactory in production. It is purely for testing purposes, and thus it is very insecure.
是否是有隐患的?
设置客户端ssl时代码引用了这一段: serverConfig.setClientSslCtx( SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE) .build()); 我看网上有人说InsecureTrustManagerFactory是非常不安全的, 官方文档也说了https://netty.io/4.1/api/io/netty/handler/ssl/util/InsecureTrustManagerFactory.html An insecure TrustManagerFactory that trusts all X.509 certificates without any verification. NOTE: Never use this TrustManagerFactory in production. It is purely for testing purposes, and thus it is very insecure. 是否是有隐患的?