KB#0032 Change the SSL protocol of the console service for Puppet Enterprise 2015.x, 2016.1.x to 2016.2.x, and 2016.4.0 to 2016.4.3

Comments

2 comments

  • Avatar
    Rocky Giannini

    Thanks Erik, for the remediation you provided. Your solution fixed this issue for port 443, but not for port 8081. How do I remediate this for port 8081?

    Thanks. 

  • Avatar
    Erik Hansen

    Hi Rocky,

    Are you using the latest version of PE (2017.2.1)?  We now have this document available, which describes setting the allowed protocols for all PE services in one go:

    https://docs.puppet.com/pe/latest/disable_tlsv1.html

    If you are on the 2016.4 series, you can use still use the following in Hiera for PuppetDB and port 8081 specifically:

    puppet_enterprise::puppetdb::jetty_ini::ssl_protocols:
    - "TLSv1.1"
    - "TLSv1.2"

     

Please sign in to leave a comment.