Jira (PDB-5191) [SPIKE] test puppetdb for TLSv1.3 support

[Austin Blatt (Jira)]

Austin Blatt updated an issue

PuppetDB / PDB-5191 [SPIKE] test puppetdb for TLSv1.3 support Change By: Austin Blatt Acceptance Criteria: - document any failures, if any - create tickets for module(s) work Release Notes: Not Needed Story Points: 2 Summary: [SPIKE] test puppetdb for TLSv1.3 support Add Comment

This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)

[Austin Blatt (Jira)]

Austin Blatt updated an issue

PuppetDB / PDB-5191 [SPIKE] test puppetdb for TLSv1.3 support

Change By: Austin Blatt Sprint: HAHA/Grooming HA 2021-07-28

Add Comment

[Austin Blatt (Jira)]

Austin Blatt assigned an issue to Austin Blatt

PuppetDB / PDB-5191 [SPIKE] test puppetdb for TLSv1.3 support

Change By: Austin Blatt Assignee: Austin Blatt

Add Comment

[Austin Blatt (Jira)]

Austin Blatt commented on PDB-5191

Re: [SPIKE] test puppetdb for TLSv1.3 support With the proper settings PuppetDB works with TLSv1.3 Configure out jetty.ini file ssl-protocols = TLSv1.3 cipher-suites = TLS_AES_128_GCM_SHA256 and configure puppetserver's webserver.conf webserver: { access-log-config: /etc/puppetlabs/puppetserver/request-logging.xml client-auth: want ssl-host: 0.0.0.0 ssl-port: 8140 ssl-protocols: [TLSv1.3] cipher-suites: [TLS_AES_128_GCM_SHA256] } So updating the defaults in trapperkeeper to include it in the ssl-protocols and adding a cipher suite that works with TLS 1.3 should be sufficient to allow TLSv1.3 by default.

Add Comment

[Austin Blatt (Jira)]

Austin Blatt commented on PDB-5191

Re: [SPIKE] test puppetdb for TLSv1.3 support

The module contains no defaults for those settings, so there's nothing to update there. Both settings are configurable via the module so someone could configure it to use TLSv1.3 now.

Add Comment

[Rob Browning (Jira)]

Rob Browning updated an issue

PuppetDB / PDB-5191

[SPIKE] test puppetdb for TLSv1.3 support

Change By: Rob Browning Fix Version/s: PDB n/a

Add Comment