Several features have been implemented to boost security when using HTTPS.
The user must now explicitly choose between HTTP and HTTPS protocols when configuring a server connection.
In earlier versions, the user would fill in the name or IP address of the server and the app would try both HTTP and HTTPS. This could be a security vulnerability, as a malicious actor could block the HTTPS connection and then intercept or modify the communication over HTTP. That vulnerability has now been eliminated.
In addition, there is now an Ignore certificate errors option in the server configuration on the Servers page. Previously, this functionality was always on (always ignoring errors) in order to allow users to work with self-signed certificates. Now this option is configurable. When it is disabled, the server must use a valid certificate from a trusted certificate authority, the certificate must be valid (not expired), and the server address must match the certificate domain name.
See Also:
Securing MobileHMI Communications Using HTTPS