Jira (PUP-10889) Explicitly set default ciphersuites to avoid surprises

[Josh Cooper (Jira)]

Josh Cooper created an issue

Puppet / PUP-10889 Explicitly set default ciphersuites to avoid surprises Issue Type: Improvement Assignee: Unassigned Created: 2021/02/05 11:11 AM Priority: Normal Reporter: Josh Cooper Puppet uses whatever ciphersuites ruby and the openssl it was compiled with supports. To avoid surprises, puppet should explicitly set what ciphersuites we support and allow it to be configurable.   Add Comment

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)

[Josh Cooper (Jira)]

Josh Cooper assigned an issue to Josh Cooper

Puppet / PUP-10889 Explicitly set default ciphersuites to avoid surprises

Change By: Josh Cooper Assignee: Josh Cooper

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-10889 Explicitly set default ciphersuites to avoid surprises

Change By: Josh Cooper Team: Coremunity

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-10889 Explicitly set default ciphersuites to avoid surprises

Change By: Josh Cooper Sprint: Platform Core KANBAN

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-10889 Explicitly set default ciphersuites to avoid surprises

Change By: Josh Cooper Fix Version/s: PUP 7.5.0 Fix Version/s: PUP 6.22.0

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-10889 Explicitly set default ciphersuites to avoid surprises

Change By: Josh Cooper Release Notes: Enhancement Release Notes Summary: Adds a "ciphers" puppet setting to configure which TLS ciphersuites the agent supports. The default set of ciphersuites is the same as what it was before this change, but the list of ciphersuites can be made more restricted if desired, such as to only accept TLS v1.2 ciphersuites.

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-10889

Re: Explicitly set default ciphersuites to avoid surprises Merged to 6.x in 60b3fb66dc

Add Comment

[Josh Cooper (Jira)]

Josh Cooper updated an issue

Puppet / PUP-10889

Explicitly set default ciphersuites to avoid surprises

Change By: Josh Cooper Release Notes Summary: Adds a "ciphers" puppet setting to configure which TLS ciphersuites the agent supports. The default set of ciphersuites is the same as what it was before this change, but the list of ciphersuites can be made more restricted if desired, such as to only accept TLS v1.2 or greater ciphersuites.

Add Comment

[Josh Cooper (Jira)]

Josh Cooper commented on PUP-10889

Re: Explicitly set default ciphersuites to avoid surprises passed CI in 8dfa86988b

Add Comment

[Claire Cadman (Jira)]

Claire Cadman updated an issue

Puppet / PUP-10889

Explicitly set default ciphersuites to avoid surprises

Change By: Claire Cadman Labels: doc_reviewed

Add Comment