> > Actually, we should dictate that apis or users who muck with SSL have to
> > use okhttp 2.1+.
>
> How to best communicate this kind of information and ensure everyone knows
> about it?

No non-labs api does at the moment. All we need to do is document during release of jclouds 1.9 or whatever docker is in that it requires okhttp per X, where X is a link that describes this policy.

Probably it needs to be in the configuration reference http://jclouds.apache.org/reference/configuration/ basically stating that you cannot change http drivers of apis that screw with TLS. It would also show how to optionally use ConfigurationSpec to control TLS for any api (ex. those frightened of the next POODLE go here). Then, there would be a coding standard or practice on the wiki that says we have one way of dealing with TLS, so please don't propagate alternatives.

Does this answer?

---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds/pull/617#issuecomment-64733461
