[jira] [Commented] (BROOKLYN-200) Consider using other geo-DNS providers

Mon, 14 Dec 2015 08:30:23 -0800 

    [ 
https://issues.apache.org/jira/browse/BROOKLYN-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056224#comment-15056224
 ] 

Sam Corbett commented on BROOKLYN-200:
--------------------------------------

Comment from Michael at Geoscaling on 12/12/2015:
{quote}
thank you for this ticket. Yes, I know the SSL configuration of our webpage is 
very outdated. This is because the server and software were the website runs on 
is mostly as old as our service. Since about 8 months we are working on the new 
webpage and this is getting an A+ rating in SSLLabs test already. We will 
launch this new webpage as soon as possible. 
{quote}


> Consider using other geo-DNS providers
> --------------------------------------
>
>                 Key: BROOKLYN-200
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-200
>             Project: Brooklyn
>          Issue Type: Improvement
>            Reporter: Sam Corbett
>
> Brooklyn supplies an entity for geo-DNS that uses a service provided by 
> geoscaling.com.  This entity is fundamentally broken because of problems with 
> geoscaling.com's SSL certificate.
> This has been noted in 
> [GeoscalingWebClientTest|https://github.com/sjcorbett/incubator-brooklyn/blob/02c5d33618373fc5ebe891eb485eca084391c540/software/webapp/src/test/java/org/apache/brooklyn/entity/dns/geoscaling/GeoscalingWebClientTest.java#L48-L106],
>  currently disabled. When connecting to the service the following exception 
> is thrown:
> {code}
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>         at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
>         at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
>         at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721)
> {code}
> The workaround is to import the SSL certificate for geoscaling.com into the 
> JDK's keystore, but this is unpleasant and hardly something we want to 
> recommend to users of Brooklyn.
> Further to this issue, geoscaling.com only uses the RC4 cipher. This is going 
> to be disabled by all major browsers at the beginning of 2016. We will be 
> recommending a service that people's browsers will refuse to sign in to.
> I've filed a support ticket stating the above with geoscaling.com. At the 
> same time we should consider whether we can use a different provider for this 
> entity.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to