> +layout: post > +slug: poole-jclouds > +title: What POODLE means for jclouds > +--- > + > +[POODLE](http://googleonlinesecurity.blogspot.com.au/2014/10/this-poodle-bites-exploiting-ssl-30.html) > is a recently discovered [man-in-the-middle > attack](http://en.wikipedia.org/wiki/Man-in-the-middle_attack) against SSL. > If you are communicating via SSL from Java applications, including jclouds > 1.8.1 and prior versions, you are potentially vulnerable to this attack. > + > +<!--more--> > + > +Exploiting this vulnerability [is > complicated](http://blog.erratasec.com/2014/10/some-poodle-notes.html#.VEb9voBdWIk) > and currently requires the attacker to cause many specifically-crafted > requests to be executed. It is not clear how this could be achieved if the > target user is using jclouds, but the possibility remains, of course. > + > +#### What can I do to avoid being affected by POODLE? > + > +If you are concerned about POODLE, there are two main ways to avoid being > affected: > + > +* ensure that your provider no longer supports SSLv3
nit: endpoint --- Reply to this email directly or view it on GitHub: https://github.com/jclouds/jclouds-site/pull/138/files#r19281834
