> +jclouds only changes the SSL connection settings (rather than inheriting > them from the JVM) in two cases: > + > +1) If you are setting `jclouds.trust-all-certs=true`, i.e. are configuring > jclouds to trust **all** certificates > + > +If you are concerned about secure connections, it is almost never a good > idea to use this option in the first place. If you absolutely need to trust > all certificates _and_ disable SSLv3, you can: > + > + * create an SSLContext with the appropriate settings (see > [SSLModule](https://github.com/jclouds/jclouds/blob/master/core/src/main/java/org/jclouds/http/config/SSLModule.java) > for an example of how to create a trust manager that trusts all certs) > + * set it as the default socket factory for HttpsURLConnection as described > above > + * set jclouds.trust-all-certs to false, to prevent jclouds from using its > own SSLContext > + > +2) If you are using the [Azure > Compute](https://github.com/jclouds/jclouds-labs/tree/master/azurecompute) or > [FCGP](https://github.com/jclouds/jclouds-labs/tree/master/fgcp) labs > providers > + > +jclouds sets a specific SSL configuration for these providers to support the > key-based authentication they require. If you are using either of these > providers and need to disable SSLv3, follow the same steps as above > + > +* create an SSLContext with the appropriate settings (see > [here](https://github.com/jclouds/jclouds-labs/blob/master/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/SSLContextWithKeysSupplier.java) > for Azure Compute and > [here](https://github.com/jclouds/jclouds-labs/blob/master/fgcp/src/main/java/org/jclouds/fujitsu/fgcp/suppliers/SSLContextWithKeysSupplier.java) > for FCGP) > + * set it as the default socket factory for HttpsURLConnection as described > above
It is very, very confusing to spend so much time in the release notes on trust-all-certs or even fgcp or azure. Why not just say something simple. Those who who are using trust-all-certs cannot currently disable SSLv3. If you need a workaround please contact us. I don't think we need to discuss labs, but if we did, we could say in a footnote that those using fgcp and azurecompute are hardcoded to use TLS. --- Reply to this email directly or view it on GitHub: https://github.com/jclouds/jclouds-site/pull/138/files#r19280440
