neo4j · gjmwoods · Jun 2, 2020 · May 28, 2020
diff --git a/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java b/driver/src/main/java/org/neo4j/driver/internal/SecuritySettings.java
@@ -92,11 +92,11 @@ private SecurityPlan createSecurityPlanFromScheme( String scheme ) throws Genera
     {
         if ( isHighTrustScheme(scheme) )
         {
-            return SecurityPlanImpl.forSystemCASignedCertificates( trustStrategy.isHostnameVerificationEnabled() );
+            return SecurityPlanImpl.forSystemCASignedCertificates( true );
         }
         else
         {
-            return SecurityPlanImpl.forAllCertificates( trustStrategy.isHostnameVerificationEnabled() );
+            return SecurityPlanImpl.forAllCertificates( false );
         }
     }
 

diff --git a/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java b/driver/src/test/java/org/neo4j/driver/internal/SecuritySettingsTest.java
@@ -75,9 +75,22 @@ void testSystemCertCompatibleConfiguration( String scheme ) throws Exception
         SSLContext defaultContext = SSLContext.getDefault();
 
         assertTrue( securityPlan.requiresEncryption() );
+        assertTrue( securityPlan.requiresHostnameVerification() );
         assertEquals( defaultContext, securityPlan.sslContext() );
     }
 
+    @ParameterizedTest
+    @MethodSource( "selfSignedSchemes" )
+    void testSelfSignedCertConfigDisablesHostnameVerification( String scheme ) throws Exception
+    {
+        SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder().build();
+
+        SecurityPlan securityPlan = securitySettings.createSecurityPlan( scheme );
+
+        assertTrue( securityPlan.requiresEncryption() );
+        assertFalse( securityPlan.requiresHostnameVerification() );
+    }
+
     @ParameterizedTest
     @MethodSource( "allSchemes" )
     void testThrowsOnUserCustomizedEncryption( String scheme )
@@ -156,7 +169,7 @@ void testConfiguredEncryption()
     }
 
     @Test
-    void testConfiguredAllCertificates() throws NoSuchAlgorithmException
+    void testConfiguredAllCertificates()
     {
         SecuritySettings securitySettings = new SecuritySettings.SecuritySettingsBuilder()
                 .withEncryption()