diff --git a/leiningen-core/project.clj b/leiningen-core/project.clj index 7e6f6bc28..b2330e42e 100644 --- a/leiningen-core/project.clj +++ b/leiningen-core/project.clj @@ -8,7 +8,7 @@ [classlojure "0.6.6"] [robert/hooke "1.3.0"] [com.cemerick/pomegranate "0.3.0"] - [org.apache.maven.wagon/wagon-http "2.7"] + [org.apache.maven.wagon/wagon-http "2.9"] [com.hypirion/io "0.3.1"] [pedantic "0.2.0"]] :scm {:dir ".."} diff --git a/leiningen-core/src/leiningen/core/project.clj b/leiningen-core/src/leiningen/core/project.clj index 456f3ac20..67b7470b6 100644 --- a/leiningen-core/src/leiningen/core/project.clj +++ b/leiningen-core/src/leiningen/core/project.clj @@ -758,11 +758,11 @@ (let [make-context (resolve 'leiningen.core.ssl/make-sslcontext) read-certs (resolve 'leiningen.core.ssl/read-certs) default-certs (resolve 'leiningen.core.ssl/default-trusted-certs) - register-scheme (resolve 'leiningen.core.ssl/register-scheme) - https-scheme (resolve 'leiningen.core.ssl/https-scheme) + override-wagon-registry! (resolve 'leiningen.core.ssl/override-wagon-registry!) + https-registry (resolve 'leiningen.core.ssl/https-registry) certs (mapcat read-certs (:certificates project)) context (make-context (into (default-certs) certs))] - (register-scheme (https-scheme context)) + (override-wagon-registry! (https-registry context)) project))) (defn activate-middleware diff --git a/leiningen-core/src/leiningen/core/ssl.clj b/leiningen-core/src/leiningen/core/ssl.clj index 594672d67..83e477820 100644 --- a/leiningen-core/src/leiningen/core/ssl.clj +++ b/leiningen-core/src/leiningen/core/ssl.clj @@ -1,5 +1,6 @@ (ns leiningen.core.ssl - (:require [clojure.java.io :as io] + (:require [cemerick.pomegranate.aether :as aether] + [clojure.java.io :as io] [leiningen.core.user :as user]) (:import java.security.KeyStore java.security.KeyStore$TrustedCertificateEntry 
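Review bot: The `[cemerick.pomegranate.aether :as aether]` require added to the `ns` form of ssl.clj is not referenced by any hunk shown for this file; the new code calls `HttpWagon/setPoolingHttpClientConnectionManager` directly. If nothing else in the file uses the `aether` alias, drop the line so the TLS namespace does not pull in an extra dependency at load time. If it is there to force load order before the wagon is touched, say so in a comment such as `;; required for side effects: must load before HttpWagon is configured`. The `ns` form continues past the end of this hunk.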
@@ -10,10 +11,12 @@ javax.net.ssl.TrustManagerFactory javax.net.ssl.X509TrustManager java.io.FileInputStream - org.apache.http.conn.ssl.SSLSocketFactory - org.apache.http.conn.scheme.Scheme - org.apache.maven.wagon.providers.http.HttpWagon - org.apache.http.conn.ssl.BrowserCompatHostnameVerifier)) + org.apache.http.config.RegistryBuilder + org.apache.http.conn.socket.PlainConnectionSocketFactory + org.apache.http.conn.ssl.BrowserCompatHostnameVerifier + org.apache.http.conn.ssl.SSLConnectionSocketFactory + org.apache.http.impl.conn.PoolingHttpClientConnectionManager + org.apache.maven.wagon.providers.http.HttpWagon)) (defn ^TrustManagerFactory trust-manager-factory [^KeyStore keystore] (doto (TrustManagerFactory/getInstance "PKIX") 
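Review bot: The migrated import list keeps `BrowserCompatHostnameVerifier`, and the `https-registry` hunk further down passes it to `SSLConnectionSocketFactory`, so hostname checking stays on the lenient rule where a wildcard certificate for `*.example.com` also matches multi-level names such as `a.b.example.com`. Since this commit already rewrites how the socket factory is built, it is a good point to decide whether that leniency is intended for artifact repositories; `org.apache.http.conn.ssl.StrictHostnameVerifier` in the same package limits a wildcard to a single label. Whichever is chosen, a comment next to the import such as `;; BrowserCompat: wildcard certs match any subdomain depth` would record the decision. The `:import` clause starts outside this hunk.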
@@ -78,16 +81,48 @@ (alter-var-root #'make-sslcontext memoize) -(defn https-scheme - "Construct a Scheme that uses a given SSLContext." - ([context] (https-scheme context 443)) +(defn https-registry + "Constructs a registry map that uses a given SSLContext for https." + [context] + (let [factory (SSLConnectionSocketFactory. context (BrowserCompatHostnameVerifier.))] + {"https" factory + "http" PlainConnectionSocketFactory/INSTANCE})) + +(defn ^:deprecated https-scheme + "Constructs a registry map that uses a given SSLContext for https. + + DEPRECATED: Use https-registry instead." ([context port] - (let [factory (SSLSocketFactory. context (BrowserCompatHostnameVerifier.))] - (Scheme. "https" port factory)))) - -(def register-scheme - "Register a scheme with the HTTP Wagon for use with Aether." - (memoize (fn [scheme] - (-> (.getConnectionManager (HttpWagon.)) - (.getSchemeRegistry) - (.register scheme))))) + (if (not= port 443) ;; TODO: Should we support this? + (throw (ex-info "Specifying port for https-scheme is not possible anymore." + {:context context :port port})) + (https-scheme context))) + ([context] + (binding [*out* *err*] + (println "https-scheme is deprecated, use https-registry instead")) + (https-registry context))) + +(defn- map->registry + "Creates a Registry based of the given map." + [m] + (let [rb (RegistryBuilder/create)] + (doseq [[scheme conn-sock-factory] m] + (.register rb scheme conn-sock-factory)) + (.build rb))) + +(defn override-wagon-registry! + "Override the registry scheme used by the HTTP Wagon's Connection + manager (used for Aether)." + [registry] + (let [cm (PoolingHttpClientConnectionManager. (map->registry registry))] + (HttpWagon/setPoolingHttpClientConnectionManager cm))) + +(defn ^:deprecated register-scheme + "Override the registry scheme used by the HTTP Wagon's Connection + manager (used for Aether). + + DEPRECATED: Use override-wagon-registry! instead." 
+ [scheme]
+ (binding [*out* *err*]
+ (println "register-scheme is deprecated, use override-wagon-registry! instead"))
+ (override-wagon-registry! scheme))
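Review bot: `override-wagon-registry!` is not memoized the way the removed `register-scheme` was, so each call (including every `load-certificates` run in core/project.clj) builds a new `PoolingHttpClientConnectionManager` and installs it through the static `HttpWagon/setPoolingHttpClientConnectionManager`. Nothing in the hunk shuts down the manager being replaced, and the swap changes certificate trust and hostname verification for every later Aether transfer in the JVM, so the last caller wins. The docstring should state that, for example `Replaces the connection manager for all HttpWagon instances in this JVM; the map must carry both "http" and "https" entries.` The deprecated `register-scheme` wrapper also forwards its argument to `map->registry`, which destructures it as map entries, so an old caller that still passes a `Scheme` would probably fail with an unhelpful error; a guard such as `(when-not (map? scheme) (throw (ex-info "register-scheme now expects a registry map" {:scheme scheme})))` makes the break explicit. The `map->registry` docstring has a typo: "based of" should be "based on".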