> +// use jclouds to make HTTPS connections to your cloud providers > +``` > + > +#### When does jclouds configure SSL connections itself? > + > +jclouds only changes the SSL connection settings (rather than inheriting > them from the JVM) in two cases: > + > +1) If you are setting `jclouds.trust-all-certs=true`, i.e. are configuring > jclouds to trust **all** certificates > + > +If you are concerned about secure connections, it is almost never a good > idea to use this option in the first place. If you absolutely need to trust > all certificates _and_ disable SSLv3, you can: > + > + * create an SSLContext with the appropriate settings (see > [SSLModule](https://github.com/jclouds/jclouds/blob/master/core/src/main/java/org/jclouds/http/config/SSLModule.java) > for an example of how to create a trust manager that trusts all certs) > + * set it as the default socket factory for HttpsURLConnection as described > above > + * set `jclouds.trust-all-certs` to false, to prevent jclouds from using > its own SSLContext > + > +2) If you are using the [Azure > Compute](https://github.com/jclouds/jclouds-labs/tree/master/azurecompute) or > [FCGP](https://github.com/jclouds/jclouds-labs/tree/master/fgcp) labs > providers
Just mention that these labs providers set TLS, but don't allow users to affect protocol fallback choices. *after we check to see if the endpoints are actually vulnerable*, we could say that they are, and so users should assess carefully usage prior to 1.8.2. --- Reply to this email directly or view it on GitHub: https://github.com/jclouds/jclouds-site/pull/138/files#r19282631
