You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the GHTTP client in our project is configured by default to skip TLS certificate verification. This default setting undermines security by exposing connections to potential man-in-the-middle attacks and compromising data integrity.
I propose changing the default behavior to require TLS certificate verification. This enhancement ensures secure, encrypted, and authenticated communications. For development flexibility, an explicit configuration option should be added to selectively disable verification when necessary.
Additional
No response
The text was updated successfully, but these errors were encountered:
Description
Currently, the GHTTP client in our project is configured by default to skip TLS certificate verification. This default setting undermines security by exposing connections to potential man-in-the-middle attacks and compromising data integrity.
I propose changing the default behavior to require TLS certificate verification. This enhancement ensures secure, encrypted, and authenticated communications. For development flexibility, an explicit configuration option should be added to selectively disable verification when necessary.
Additional
No response
The text was updated successfully, but these errors were encountered: