src - https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
valid PHP
JSSE (Java Secure Socket Extension) - SSLSocketFactory silently skips hostname verification if the algorithm field in the SSL client is NULL or an empty string rather than HTTPS. (ref / fix)
valid PHP
JavaScript:
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYPEER, 1); //https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYHOST, 2); //https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.htmlJSSE (Java Secure Socket Extension) - SSLSocketFactory silently skips hostname verification if the algorithm field in the SSL client is NULL or an empty string rather than HTTPS. (ref / fix)