[jira] [Commented] (BROOKLYN-200) Consider using other geo-DNS providers

Thu, 17 Dec 2015 04:32:01 -0800 

    [ 
https://issues.apache.org/jira/browse/BROOKLYN-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061982#comment-15061982
 ] 

ASF GitHub Bot commented on BROOKLYN-200:
-----------------------------------------

Github user sjcorbett commented on a diff in the pull request:

    https://github.com/apache/incubator-brooklyn/pull/1096#discussion_r47900185
  
    --- Diff: 
software/webapp/src/test/java/org/apache/brooklyn/entity/dns/geoscaling/GeoscalingWebClientTest.java
 ---
    @@ -100,12 +106,9 @@
     ... 31 more
      */
     @Test(groups="Broken", enabled=false)
    --- End diff --
    
    Yes, for reasons described here: 
https://issues.apache.org/jira/browse/BROOKLYN-200


> Consider using other geo-DNS providers
> --------------------------------------
>
>                 Key: BROOKLYN-200
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-200
>             Project: Brooklyn
>          Issue Type: Improvement
>            Reporter: Sam Corbett
>
> Brooklyn supplies an entity for geo-DNS that uses a service provided by 
> geoscaling.com.  This entity is fundamentally broken because of problems with 
> geoscaling.com's SSL certificate.
> This has been noted in 
> [GeoscalingWebClientTest|https://github.com/sjcorbett/incubator-brooklyn/blob/02c5d33618373fc5ebe891eb485eca084391c540/software/webapp/src/test/java/org/apache/brooklyn/entity/dns/geoscaling/GeoscalingWebClientTest.java#L48-L106],
>  currently disabled. When connecting to the service the following exception 
> is thrown:
> {code}
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>         at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
>         at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
>         at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721)
> {code}
> The workaround is to import the SSL certificate for geoscaling.com into the 
> JDK's keystore, but this is unpleasant and hardly something we want to 
> recommend to users of Brooklyn.
> Further to this issue, geoscaling.com only uses the RC4 cipher. This is going 
> to be disabled by all major browsers at the beginning of 2016. We will be 
> recommending a service that people's browsers will refuse to sign in to.
> I've filed a support ticket stating the above with geoscaling.com. At the 
> same time we should consider whether we can use a different provider for this 
> entity.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to