> +#### What can I do to avoid being affected by POODLE? > + > +If you are concerned about POODLE, there are two main ways to avoid being > affected: > + > +* ensure that your provider no longer supports SSLv3 > + > +Many cloud providers are disabling support for SSLv3 - the protocol version > exploited by POODLE - on the server-side. Checking whether the cloud > providers you are talking to using jclouds have removed support for SSLv3 is > the easiest possible fix for you as a user, since it requires no changes to > any of your client code. > + > +* configure your client code to not support SSLv3 connections > + > +See below for options on how to disable SSLv3 support for client > applications using jclouds to talk to cloud providers. > + > +### Technical details > + > +#### How does POODLE relate to jclouds? > +
POODLE is a transport level attack which requires instigating a fallback to SSLv3. Implementations of jclouds http driver (HttpCommandExecutorService) dictate TLS configuration. The default http driver inherits TLS configuration from (HttpsURLConnection)[http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/HttpsURLConnection.html]. --- Reply to this email directly or view it on GitHub: https://github.com/jclouds/jclouds-site/pull/138/files#r19282379
