Skip to content

Commit

Permalink
Enforce SSLv3 java opts for CLI (#25)
Browse files Browse the repository at this point in the history 
I've been experiencing an intermittent `bad_record_mac` error when
trying to index documents into cloud.
This error only occurs if I don't provide a ca_fingerprint. It seems to
be an issue with the SSL/TLS handshake.

After some digging I found a [similar
issue](https://support.sonatype.com/hc/en-us/articles/213464078-HTTPS-SSL-deploy-fails-with-Received-fatal-alert-bad-record-mac),
and that person resolved it by enforcing SSLv3.

Before adding these opts, the error occurred 9/10 times (it didn't occur
on the first run for unknown reasons).
After adding these opts, the error occurred 0/10 times.

I've added the opts to the CLI entry file so they are enforced for all
Crawler actions without relying on command line args.
  • Loading branch information
@navarone-feekery
navarone-feekery authored May 23, 2024
1 parent e042bef commit c06c6a4
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions bin/crawler
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,11 @@ require 'yaml'
require_relative File.expand_path('../../lib/environment', __FILE__)
require 'crawler/cli'

java_import 'java.lang.System'

# These opts are to prevent an intermittent `bad_record_mac` error when indexing into ES.
# One workaround is to force use of SSLv3 only.
System.setProperty('force.http.jre.executor', 'true')
System.setProperty('https.protocols', 'SSLv3')

Dry::CLI.new(Crawler::CLI).call

0 comments on commit c06c6a4

Please sign in to comment.