brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-200) Consider using other geo-DNS providers
Date Thu, 17 Dec 2015 12:31:46 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061982#comment-15061982
] 

ASF GitHub Bot commented on BROOKLYN-200:
-----------------------------------------

Github user sjcorbett commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/1096#discussion_r47900185
  
    --- Diff: software/webapp/src/test/java/org/apache/brooklyn/entity/dns/geoscaling/GeoscalingWebClientTest.java
---
    @@ -100,12 +106,9 @@
     ... 31 more
      */
     @Test(groups="Broken", enabled=false)
    --- End diff --
    
    Yes, for reasons described here: https://issues.apache.org/jira/browse/BROOKLYN-200


> Consider using other geo-DNS providers
> --------------------------------------
>
>                 Key: BROOKLYN-200
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-200
>             Project: Brooklyn
>          Issue Type: Improvement
>            Reporter: Sam Corbett
>
> Brooklyn supplies an entity for geo-DNS that uses a service provided by geoscaling.com.
 This entity is fundamentally broken because of problems with geoscaling.com's SSL certificate.
> This has been noted in [GeoscalingWebClientTest|https://github.com/sjcorbett/incubator-brooklyn/blob/02c5d33618373fc5ebe891eb485eca084391c540/software/webapp/src/test/java/org/apache/brooklyn/entity/dns/geoscaling/GeoscalingWebClientTest.java#L48-L106],
currently disabled. When connecting to the service the following exception is thrown:
> {code}
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>         at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
>         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
>         at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721)
> {code}
> The workaround is to import the SSL certificate for geoscaling.com into the JDK's keystore,
but this is unpleasant and hardly something we want to recommend to users of Brooklyn.
> Further to this issue, geoscaling.com only uses the RC4 cipher. This is going to be disabled
by all major browsers at the beginning of 2016. We will be recommending a service that people's
browsers will refuse to sign in to.
> I've filed a support ticket stating the above with geoscaling.com. At the same time we
should consider whether we can use a different provider for this entity.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message