...
Even though hostname verification should be enabled to protect against man-in-the-middle attacks, there may be environments were where certificates are generated without hostnames and hostname verification endpoint identification is performed in other ways. It is possible that some of these installations are run with currently using the default config. They will need to explicitly set ssl.endpoint.identification.algorithm to an empty string when upgrading. This will be documented in upgrade notes.
...