Pivotal Knowledge Base


AWS Elastic Load Balancing Backend SSL to Gorouter

Environment

  • Pivotal Cloud Foundry 1.12
  • Pivotal Cloud Foundry 2.0
  • Elastic Runtime/Pivotal Application Service
  • AWS Elastic Load Balancing

Symptom

After configuring an AWS Elastic Load Balancer (ELB) to forward SSL traffic to Gorouter, HTTP requests fail to reach Gorouter.

The Gorouter logs report the error "tls: no cipher suite supported by both client and server".

The cause is that the default Gorouter cipher suites do not match the cipher suites the ELB offers on its backend connections, so the TLS handshake fails.

Resolutions

1. Check your Gorouter cipher suite configuration: in the PCF 1.12 Elastic Runtime tile, go to the Networking section.


2. Add the AWS ELB supported cipher TLS_RSA_WITH_AES_256_GCM_SHA384 to the Gorouter cipher suites.


3. Save and Apply Changes.
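
Added example (not part of the original article and not Pivotal's code): a Go program that reproduces the Gorouter error with an in-memory TLS 1.2 handshake and shows it clearing once the suite from step 2 is on the server's list. The "before" suite list, the gorouter.example name and the throwaway certificate are constructed assumptions, not Gorouter's actual defaults.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway RSA certificate (constructed test data).
func selfSigned() tls.Certificate {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "gorouter.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// handshake runs one in-memory TLS 1.2 handshake and returns the error the
// server side (standing in for Gorouter) would log, or nil on success.
func handshake(cert tls.Certificate, serverSuites, clientSuites []uint16) error {
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert},
		CipherSuites: serverSuites, MaxVersion: tls.VersionTLS12})
	cli := tls.Client(c, &tls.Config{InsecureSkipVerify: true, // test only: self-signed cert
		CipherSuites: clientSuites, MaxVersion: tls.VersionTLS12})
	go cli.Handshake() // client (standing in for the ELB); only the server error is reported
	return srv.Handshake()
}

func main() {
	cert := selfSigned()
	elb := []uint16{tls.TLS_RSA_WITH_AES_256_GCM_SHA384}          // suite named in step 2
	before := []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256} // hypothetical router list
	fmt.Println("before:", handshake(cert, before, elb))
	fmt.Println("after: ", handshake(cert, append(before, elb...), elb))
}
```

The first handshake returns the same error string the article quotes from the Gorouter logs; the second returns nil because both sides now share one suite.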
