Module Version: 5.3.0
Puppet Version: 5.5.17 (but affects all?)
OS Name/Version: CentOS 7 (but affects all other than RHEL8?)
The ssl_protocol default setting has been changed to permit all protocols, rather than excluding SSLv2 and SSLv3 as it did previously.
Desired Behavior: Exclude SSLv2 and SSLv3 from permitted protocols
FM-8721 changed the ssl_protocol default to ['all'] instead of ['all', '-SSLv2', '-SSLv3'].
The fix for RedHat 8 should set this only for this platform (plus other suitable platforms), via the params class. All other supported platforms should not have this changed to include SSLv2 and SSLv3.
(Yes, this can be set explicitly, but the default was desirable on most platforms and this is a regression from what I can see)