Unless I missed something, it seems Oracle's Java 7u9 JRE no longer enables checking of SSL Certificate Revocation Lists (CRLs) [see: http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/jcp.html#security - search for CRL, notice the default]. Does this mean any SSL certificate that may have been compromised and placed into a CRL is no longer validated?