Affects Version/s: None
Fix Version/s: None
The only hitch I've had was with the Foreman report processor, which
makes an HTTPS connection to Apache with mod_ssl. On new OSes with
modern mod_ssl versions (e.g. EL7 or Ubuntu 14.04), the report processor
fails to make an HTTPS connection from the JVM with the error:
2014-09-26 08:56:09,984 ERROR [puppet-server] Report processor failed:
Could not send report to Foreman at
https://foreman.example.com/api/reports: Could not generate DH keypair
This is a well-known problem between JVM clients and recent mod_ssl
versions, as the DH prime length supported by the JVM is limited.
Adding the DH parameter limits to the server's certificate worked around
Java 8 worked slightly better in that it accepts 2048 bit parameters,
but the default combination is still a problem. I guess it might affect
others using HTTPS from the master.