Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10889

Explicitly set default ciphersuites to avoid surprises

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.22.0, PUP 7.5.0
    • Component/s: None
    • Labels:
    • Template:
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Enhancement
    • Release Notes Summary:
      Hide
      Adds a "ciphers" puppet setting to configure which TLS ciphersuites the agent supports. The default set of ciphersuites is the same as what it was before this change, but the list of ciphersuites can be made more restricted if desired, such as to only accept TLS v1.2 or greater ciphersuites.
      Show
      Adds a "ciphers" puppet setting to configure which TLS ciphersuites the agent supports. The default set of ciphersuites is the same as what it was before this change, but the list of ciphersuites can be made more restricted if desired, such as to only accept TLS v1.2 or greater ciphersuites.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet uses whatever ciphersuites ruby and the openssl it was compiled with supports. To avoid surprises, puppet should explicitly set what ciphersuites we support and allow it to be configurable.

       

        Attachments

          Activity

            People

            Assignee:
            josh Josh Cooper
            Reporter:
            josh Josh Cooper
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support