Puppet Version: 5.3.x
Ruby Version: 2.4.3
Ruby 2.4.3 contains a backported fix to webrick. See https://github.com/ruby/ruby/commit/2e728d51e70ed3756ad760c687a08b8487b0112f
and https://github.com/ruby/ruby/compare/v2_4_2...v2_4_3#diff-5396c7bc1e5154a82bf825e6bf470f80 which breaks puppet master (webrick).
When an agent connects, the SSL handshake succeeds, but the connection fails as soon as the agent sends data. The puppet webrick log shows:
While the agent reports:
If you revert ruby's /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/network/http/webrick.rb back to v2.4.2, then it works ok.