> +If you are concerned about secure connections, it is almost never a good 
> idea to use this option in the first place. If you absolutely need to trust 
> all certificates _and_ disable SSLv3, you can:
> +
> +  * create an SSLContext with the appropriate settings (see 
> [SSLModule](https://github.com/jclouds/jclouds/blob/master/core/src/main/java/org/jclouds/http/config/SSLModule.java)
>  for an example of how to create a trust manager that trusts all certs)
> +  * set it as the default socket factory for HttpsURLConnection as described 
> above
> +  * set `jclouds.trust-all-certs` to false, to prevent jclouds from using 
> its own SSLContext
> +
> +2) If you are using the [Azure 
> Compute](https://github.com/jclouds/jclouds-labs/tree/master/azurecompute) or 
> [FCGP](https://github.com/jclouds/jclouds-labs/tree/master/fgcp) labs 
> providers
> +
> +jclouds sets a specific SSL configuration for these providers to support the 
> key-based authentication they require. If you are using either of these 
> providers and need to disable SSLv3, follow the same steps as above
> +
> +* create an SSLContext with the appropriate settings (see 
> [here](https://github.com/jclouds/jclouds-labs/blob/master/azurecompute/src/main/java/org/jclouds/azurecompute/suppliers/SSLContextWithKeysSupplier.java)
>  for Azure Compute and 
> [here](https://github.com/jclouds/jclouds-labs/blob/master/fgcp/src/main/java/org/jclouds/fujitsu/fgcp/suppliers/SSLContextWithKeysSupplier.java)
>  for FCGP)
> +  * set it as the default socket factory for HttpsURLConnection as described 
> above
> +
> +#### Why does jclouds not simply disable SSLv3 for all secure connections?
> +
> +At this point in time, it is not possible to determine the impact that 
> disabling SSLv3 for secure connections to **all** providers (supported and 
> custom) would have on functionality. Many providers have already disabled 
> SSLv3 on the server side of the connection, protecting users automatically.
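
Review bot: the provider label in section 2 is spelled "FCGP" in both places (the link text in the heading sentence and "for FCGP" after the second SSLContextWithKeysSupplier link), while both URLs use `fgcp`, so the label should read FGCP to match. In the same section, the first bullet ("* create an SSLContext ...") lacks the two-space indent the other bullets use, so it may render as a separate list, and "follow the same steps as above" ends without a colon or period before the list. The second list also omits the `jclouds.trust-all-certs` step that the first list has. If that is intentional, "the same steps" should say so, since readers will otherwise assume all three steps apply.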

SSLv3 is configured at the http driver layer, typically inherited from their 
configuration. Jclouds aims to make http drivers configurable without limiting 
their ability to address this and future TLS issues. Our approach is to 
document how to use the http drivers in such a way that users can configure 
them without jclouds intruding on that.

In other words, let's please not start picking up responsibility below our 
abstraction level!

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-site/pull/138/files#r19283052
