Sam Corbett created BROOKLYN-200:
------------------------------------
Summary: Consider using other geo-DNS providers
Key: BROOKLYN-200
URL: https://issues.apache.org/jira/browse/BROOKLYN-200
Project: Brooklyn
Issue Type: Improvement
Reporter: Sam Corbett
Brooklyn supplies an entity for geo-DNS that uses a service provided by
geoscaling.com. This entity is fundamentally broken because of problems with
geoscaling.com's SSL certificate.
This has been noted in
[GeoscalingWebClientTest|https://github.com/sjcorbett/incubator-brooklyn/blob/02c5d33618373fc5ebe891eb485eca084391c540/software/webapp/src/test/java/org/apache/brooklyn/entity/dns/geoscaling/GeoscalingWebClientTest.java#L48-L106],
currently disabled. When connecting to the service the following exception is
thrown:
{code}
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721)
{code}
The workaround is to import the SSL certificate for geoscaling.com into the
JDK's keystore, but this is unpleasant and hardly something we want to
recommend to users of Brooklyn.
Further to this issue, geoscaling.com only uses the RC4 cipher. This is going
to be disabled by all major browsers at the beginning of 2016. We will be
recommending a service that people's browsers will refuse to sign in to.
I've filed a support ticket stating the above with geoscaling.com. At the same
time we should consider whether we can use a different provider for this entity.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
