> + client.setConnectTimeout(utils.getConnectionTimeout(),
> TimeUnit.MILLISECONDS);
> + client.setReadTimeout(utils.getSocketOpenTimeout(),
> TimeUnit.MILLISECONDS);
> + client.setFollowRedirects(false);
> + ConnectionSpec tlsSpec = new
> ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
> + .tlsVersions(TlsVersion.TLS_1_0, TlsVersion.TLS_1_1,
> TlsVersion.TLS_1_2)
> + .build();
> + ConnectionSpec cleartextSpec = new
> ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT)
> + .build();
> + client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
> +
> client.setSslSocketFactory(sslContextWithKeysSupplier.get().getSocketFactory());
> +
> + if (utils.relaxHostname()) {
> + client.setHostnameVerifier(hostnameVerifier);
> + }
> + return client;
> + }
In that case I'd suggest that the docker provider uses a linked binding to bind
the
[UntrustedSSLContextSupplier](https://github.com/jclouds/jclouds/blob/master/core/src/main/java/org/jclouds/http/config/SSLModule.java#L76)
to one that both implements the trustallcerts but has the Docker keys in it,
but keep the OkHttp client supplier approach and avoid copy/pasting the OkHttp
module config. WDYT?
---
Reply to this email directly or view it on GitHub:
https://github.com/jclouds/jclouds-labs/pull/188/files#r35082825
