brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sam Corbett (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-200) Consider using other geo-DNS providers
Date Mon, 14 Dec 2015 16:26:46 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056224#comment-15056224
] 

Sam Corbett commented on BROOKLYN-200:
--------------------------------------

Comment from Michael at Geoscaling on 12/12/2015:
{quote}
thank you for this ticket. Yes, I know the SSL configuration of our webpage is very outdated.
This is because the server and software were the website runs on is mostly as old as our service.
Since about 8 months we are working on the new webpage and this is getting an A+ rating in
SSLLabs test already. We will launch this new webpage as soon as possible. 
{quote}


> Consider using other geo-DNS providers
> --------------------------------------
>
>                 Key: BROOKLYN-200
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-200
>             Project: Brooklyn
>          Issue Type: Improvement
>            Reporter: Sam Corbett
>
> Brooklyn supplies an entity for geo-DNS that uses a service provided by geoscaling.com.
 This entity is fundamentally broken because of problems with geoscaling.com's SSL certificate.
> This has been noted in [GeoscalingWebClientTest|https://github.com/sjcorbett/incubator-brooklyn/blob/02c5d33618373fc5ebe891eb485eca084391c540/software/webapp/src/test/java/org/apache/brooklyn/entity/dns/geoscaling/GeoscalingWebClientTest.java#L48-L106],
currently disabled. When connecting to the service the following exception is thrown:
> {code}
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>         at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
>         at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721)
> {code}
> The workaround is to import the SSL certificate for geoscaling.com into the JDK's keystore,
but this is unpleasant and hardly something we want to recommend to users of Brooklyn.
> Further to this issue, geoscaling.com only uses the RC4 cipher. This is going to be disabled
by all major browsers at the beginning of 2016. We will be recommending a service that people's
browsers will refuse to sign in to.
> I've filed a support ticket stating the above with geoscaling.com. At the same time we
should consider whether we can use a different provider for this entity.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message