sdk-emulator-ssl missing vNext Linux emulator coverage — 100% emulator failure rate (all profiles)
| Field |
Value |
| GitHub |
#30 |
| Type |
Rule Enhancement |
| Target Rule |
sdk-emulator-ssl |
| Action |
Add vNext Linux emulator coverage — current rule only covers legacy Windows emulator |
| Severity |
HIGH |
| Hit Rate |
100% of emulator-config runs |
| Profiles |
All 8 profiles (P01/R04, P02/R04, P06/R05 confirmed generating emulator config) |
| Labels |
enhancement, SCOPE, agent-kit, rule:sdk, emulator |
Summary
The vNext Linux Cosmos DB emulator requires --protocol https to force TLS at the Netty transport layer. Without it, the Java SDK fails with NotSslRecordException on connection. The current sdk-emulator-ssl rule only covers the classic Windows emulator. Additionally, preferred-regions: eastus breaks emulator connections (DNS failure for localhost).
Evidence
Profiles generating emulator Docker config: P01/R04, P02/R04, P06/R05
All missing --protocol https
Incorrect Pattern
docker run mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-preview
# Java SDK connects → SSL handshake fails
# WRONG — causes DNS failure on localhost
spring:
cloud:
azure:
cosmos:
preferred-regions: eastusCorrect Pattern
docker run --detach --publish 8081:8081 --publish 1234:1234 \
--name cosmosdb-emulator \
mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-preview \
--protocol https # REQUIRED for Java SDK TLS
# CORRECT — empty or omit for emulator
spring:
cloud:
azure:
cosmos:
preferred-regions:Runtime Error
io.netty.handler.ssl.NotSslRecordException:
not an SSL/TLS record: the content type is [0x48]
Impact
- 100% emulator failure rate: every run that generated emulator config failed on SSL
- Blocks local development: developers cannot test against emulator without manual Docker flag fix
- Secondary DNS failure:
preferred-regions: eastus causes additional connection errors on localhost
Recommended Fix
Add vNext Linux emulator section to sdk-emulator-ssl:
vNext Linux Emulator requires --protocol https.
The vNext Linux emulator (azure-cosmos-emulator:vnext-preview) defaults to HTTP. The Java SDK requires TLS — add --protocol https to your Docker run command.
Also: Remove or empty preferred-regions when connecting to the emulator. Setting preferred-regions: eastus causes DNS resolution failures for localhost connections.
sdk-emulator-ssl missing vNext Linux emulator coverage — 100% emulator failure rate (all profiles)
sdk-emulator-sslenhancement,SCOPE,agent-kit,rule:sdk,emulatorSummary
The vNext Linux Cosmos DB emulator requires
--protocol httpsto force TLS at the Netty transport layer. Without it, the Java SDK fails withNotSslRecordExceptionon connection. The currentsdk-emulator-sslrule only covers the classic Windows emulator. Additionally,preferred-regions: eastusbreaks emulator connections (DNS failure for localhost).Evidence
Profiles generating emulator Docker config: P01/R04, P02/R04, P06/R05
All missing
--protocol httpsIncorrect Pattern
docker run mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-preview # Java SDK connects → SSL handshake failsCorrect Pattern
docker run --detach --publish 8081:8081 --publish 1234:1234 \ --name cosmosdb-emulator \ mcr.microsoft.com/cosmosdb/linux/azure-cosmos-emulator:vnext-preview \ --protocol https # REQUIRED for Java SDK TLSRuntime Error
Impact
preferred-regions: eastuscauses additional connection errors on localhostRecommended Fix
Add vNext Linux emulator section to
sdk-emulator-ssl: