> Did you actually test this? This also does not work in my testing. As > the javadoc says: > "Sets the default SSLSocketFactory inherited by new instances of this class." Nope. I didn't test this, hence my suggestion to do test shotgun advice.
> The implication being that if application code explicitly sets the > socket factory, it will override the default. If the application is overriding this and they are concerned about POODLE, they should change that. > This is exactly what > JavaHttpCommandExecutorService does: > > core/src/main/java/org/jclouds/http/internal/JavaUrlHttpCommandExecutorService.java: > > sslCon.setSSLSocketFactory(sslContextSupplier.get().getSocketFactory()); You are wrong here. this is guarded by an if statement https://github.com/jclouds/jclouds/blob/master/core/src/main/java/org/jclouds/http/internal/JavaUrlHttpCommandExecutorService.java#L205 This won't be invoked unless you are working on fgcp or azurecompute (labs), or you have a custom guice module.
