SSL Error when connecting agent to master

[cmiller76]

Hi,

Disclaimer... I am fairly new to Puppet. :)

I have a puppet master server and a separate CA Server setup in my Puppet infrastructure. This infrastructure is running Puppet version 3.8.4 and has been running fine for the past few weeks. Now, I am trying to connect a SLES 11SP2 linux server to the master, and when Puppet runs I get the following error:

Error: Could not request certificate: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: (null)

I have researched this error message and there is very little information available. Note that the agent server in question is in a completely different environment than other servers that I've had success with. I believe that in this environment the company sys admins have restricted SSL protocol to TSL1 only. However, when I use "openssl s_client" to test the connection from the agent to the master using TSL1, the connection is successful. It is not successful using sslv2 and sslv3. 

Anyone know what this error could mean? Could the agent be trying to connect to the master using sslv2 or sslv3? I'm really stuck and would appreciate any help.

[Felix Frank]

Hi,

a very brief bout of researching lead me to this: https://ask.puppetlabs.com/question/6065/mac-os-x-client-ssl-error-before-caching-ca-cert/

You may be experiencing Ruby/OpenSSL version mismatches as well. Perhaps the workaround of the OP over at ask will help you as well.

Good luck, please report your findings, cheers,
Felix

[cmiller76]

The link you posted worked. I had to go into the ssl.rb file of my ruby package (2.1.7) and change ssl_version to TSLv1. (Note this is slight different then what attached post suggests, as just changing it to sslv3 still did not work.) Thanks again for your help!