[PUP-10889] Explicitly set default ciphersuites to avoid surprises - Puppet Jira Server

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.22.0, PUP 7.5.0
Component/s: None
Labels:
- doc_reviewed

Team:
Coremunity
Sprint:
Platform Core KANBAN

Release Notes:
Enhancement
Release Notes Summary:

Hide
Adds a "ciphers" puppet setting to configure which TLS ciphersuites the agent supports. The default set of ciphersuites is the same as what it was before this change, but the list of ciphersuites can be made more restricted if desired, such as to only accept TLS v1.2 or greater ciphersuites.

Show
Adds a "ciphers" puppet setting to configure which TLS ciphersuites the agent supports. The default set of ciphersuites is the same as what it was before this change, but the list of ciphersuites can be made more restricted if desired, such as to only accept TLS v1.2 or greater ciphersuites.

QA Risk Assessment:
Needs Assessment

Description

Puppet uses whatever ciphersuites ruby and the openssl it was compiled with supports. To avoid surprises, puppet should explicitly set what ciphersuites we support and allow it to be configurable.

Attachments

Activity

People

Assignee:: Josh Cooper

Reporter:: Josh Cooper

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2021/02/05 11:11 AM

Updated:: 2021/04/23 11:09 AM

Resolved:: 2021/03/09 12:19 PM