[jira] [Commented] (BROOKLYN-200) Consider using other geo-DNS providers

Fri, 13 May 2016 09:21:12 -0700 

    [ 
https://issues.apache.org/jira/browse/BROOKLYN-200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15282849#comment-15282849
 ] 

John McCabe commented on BROOKLYN-200:
--------------------------------------

This is still an issue, I reached out to geoscaling.com support on the 3rd May 
and they are still working on upgrading the system - didn't give an ETA for 
resolution/replacement.

> Consider using other geo-DNS providers
> --------------------------------------
>
>                 Key: BROOKLYN-200
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-200
>             Project: Brooklyn
>          Issue Type: Improvement
>            Reporter: Sam Corbett
>
> Brooklyn supplies an entity for geo-DNS that uses a service provided by 
> geoscaling.com.  This entity is fundamentally broken because of problems with 
> geoscaling.com's SSL certificate.
> This has been noted in 
> [GeoscalingWebClientTest|https://github.com/sjcorbett/incubator-brooklyn/blob/02c5d33618373fc5ebe891eb485eca084391c540/software/webapp/src/test/java/org/apache/brooklyn/entity/dns/geoscaling/GeoscalingWebClientTest.java#L48-L106],
>  currently disabled. When connecting to the service the following exception 
> is thrown:
> {code}
> javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>         at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>         at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1991)
>         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1098)
>         at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
>         at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721)
> {code}
> The workaround is to import the SSL certificate for geoscaling.com into the 
> JDK's keystore, but this is unpleasant and hardly something we want to 
> recommend to users of Brooklyn.
> Further to this issue, geoscaling.com only uses the RC4 cipher. This is going 
> to be disabled by all major browsers at the beginning of 2016. We will be 
> recommending a service that people's browsers will refuse to sign in to.
> I've filed a support ticket stating the above with geoscaling.com. At the 
> same time we should consider whether we can use a different provider for this 
> entity.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to