Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2036

neither ssl-protocols nor cipher-suites are respected in http-client

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: SERVER 2.8.0
    • Fix Version/s: SERVER 5.1.5
    • Component/s: Puppet Server
    • Labels:
      None
    • Environment:

      CentOS 7.4
      Puppet AIO 4.10

    • Template:
    • Team:
      Froyo
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Manual Test
    • Release Notes:
      Not Needed
    • Release Notes Summary:
      Updated documentation in puppetserver.
    • QA Risk Assessment:
      Needs Assessment

      Description

      We are using reporting over HTTPS with ECDSA keys. The default cipher suites do not enable them so according to documentation we could add them to `cipher-suites` in `http-client` in `puppetserver.conf`. However, puppetserver does not seem to pick them up and still tries default non-ECDSA-based ciphers. I also tested setting `ssl-protocols` and it is not respected either. I even put total garbage in those two variables and the `puppetserver` did nothing different. I always did full `puppetserver` restart.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              matthaus Past Haus
              Reporter:
              yoctozepto Radosław Piliszek
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support