Hi All, By default marathon-lb blocks TLS 1.0 protocol [1].
> ssl-default-bind-options no-sslv3 no-tlsv10 no-tls-tickets > > Since wso2am uses TLS v1.0.0, users are unable to login to api-manager publisher ui when sticky sessions are enabled. In order to sticky session to work with wso2am and jdk 1.7.*, we need to enable TLS V1.0.0 in marathon_lb template. Also marathon-lb certificate should be added to client-trust-store of wso2server. As a solution I have created a customized wso2/marathon-lb docker image which has pre loaded with a self signed certificate [2]. This certificate is added to client trust-store via puppet [3]. In production this certificate can be replaced and configure with a proper certificate. I have pushed the customized docker image to docker hub (wso2/marathon-lb:v1.3.1) and changed wso2-mesos-artifacts to use customized image. [1] https://github.com/mesosphere/marathon-lb/blob/master/config.py#L56 [2] https://github.com/wso2/mesos-artifacts/tree/master/common/marathon-lb/docker [3] https://github.com/wso2/puppet-modules/blob/master/modules/wso2base/manifests/import_cert.pp -- *Thanks and Regards,* Anuruddha Lanka Liyanarachchi Software Engineer - WSO2 Mobile : +94 (0) 712762611 Tel : +94 112 145 345 a <[email protected]>[email protected]
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
