Documentation

You are viewing the documentation for the 2.4.x release series. The latest stable release series is 3.0.x.

§Configuring Hostname Verification

Hostname verification is a little known part of HTTPS that involves a server identity check to ensure that the client is talking to the correct server and has not been redirected by a man in the middle attack.

The check involves looking at the certificate sent by the server, and verifying that the dnsName in the subjectAltName field of the certificate matches the host portion of the URL used to make the request.

WS SSL does hostname verification automatically, using the DefaultHostnameVerifier to implement the hostname verifier fallback interface.

§Modifying the Hostname Verifier

If you need to specify a different hostname verifier, you can configure application.conf to provide your own custom HostnameVerifier:

play.ws.ssl.hostnameVerifierClass=org.example.MyHostnameVerifier

§Debugging

Hostname Verification can be tested using dnschef. A complete guide is out of scope of documentation, but an example can be found in Testing Hostname Verification.

§Further Reading

Next: Example Configurations


Found an error in this documentation? The source code for this page can be found here. After reading the documentation guidelines, please feel free to contribute a pull request. Have questions or advice to share? Go to our community forums to start a conversation with the community.