On Fri, Oct 17, 2014 at 12:45:15AM +0200, Andrew Phillips wrote: > >issues, mostly with signed URLs and request limiting. The POODLE issue > >described in JCLOUDS-753 concerns me although I do not have time this > >week to investigate its severity. > > Anyone else have thoughts on this? Diwaker's comments in the JIRA > issue suggest that we may want to consider this as a blocker. > > I unfortunately don't have any time to test this immediately, but I > think it would be very helpful to know whether it is possible > > 1. to use a different HTTP driver or > 2. to supply a config module to the ContextBuilder to appropriately > override the SSL config > > to mitigate this. > > Does anyone have some cycles to look into this?
I prefer to exercise an abundance of caution and extend the vote until we understand the issue. Otherwise we may need to immediately run another release. I can look at this over the weekend if no one else volunteers. -- Andrew Gaul http://gaul.org/
