S5527 is a new rule merging the implementations of S3510 and S4499 into the same umbrella.
S3510 and S4499 should be deprecated. See SONARJAVA-3204
8 java security rules focusing on cryptography domain
Deprecate S3510 and S4499 in favor of S5527
Server hostnames should be verified during SSL/TLS connections
"HostnameVerifier.verify" should not always return true
SMTP SSL connection should check server identity