[
https://issues.apache.org/jira/browse/JCLOUDS-759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14184812#comment-14184812
]
Adrian Cole commented on JCLOUDS-759:
-------------------------------------
[~andrewp] I looked around and it doesn't look that simple.
ex. I got this far..
{code}
SSLSocketFactory sf = new SSLSocketFactory(
SSLContexts.createDefault(), // or untrusted that we supply
new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}, // can't find a way
to get besides SSLSocket.getEnabledProtocols
HttpsURLConnection.getDefaultSSLSocketFactory().getSupportedCipherSuites(), //
found that one
SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER // or
ALLOW_ALL_HOSTNAME_VERIFIER
);
{code}
Seems like just digging around. Probably we should just go with apachehc
defaults and not partially mix with jre stuff.
> Make it easier to configure TLS overrides in apache hc driver
> -------------------------------------------------------------
>
> Key: JCLOUDS-759
> URL: https://issues.apache.org/jira/browse/JCLOUDS-759
> Project: jclouds
> Issue Type: Sub-task
> Components: jclouds-drivers
> Affects Versions: 1.5.10, 1.6.3, 1.7.3, 1.8.1
> Reporter: Adrian Cole
> Priority: Minor
> Fix For: 1.8.2
>
>
> The current apachehc driver is using all sorts of deprecated methods and also
> doesn't make it easy to allow the user to supply correct SSL configuration.
> Since it doesn't inherit the ssl config from the JVM, it needs to be
> explicitly specified.
> Let's change the default to not permit SSLv3 in a way that allows users to
> override that.
> Example is listed here.
> http://stackanswers.com/questions/26429751/java-http-clients-and-poodle
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
