I’ve been asked to propose backporting these changes to the 1.13 branch. This is a security issue – endpoint verification in servers is currently broken. That is, if you enable it you’re unable to start up a cluster.
Endpoint verification requires the server-side of a tcp/ip connection to present a certificate that identifies the server by hostname. The client then checks that hostname against what it expects as part of the TLS (“SSL”) handshake. https://github.com/apache/geode/pull/5131