From 1d5f2111e39fae973cea69925dfdc1b4c37835c5 Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Tue, 10 Jan 2023 13:14:29 -0600
Subject: [PATCH] Default to TLS1.3 or TLS1.2 by default since puppet supports both
---
 manifests/init.pp | 2 +-
 manifests/params.pp | 2 +-
 manifests/server.pp | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 5352f0df..5f459212 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -386,7 +386,7 @@
 # $server_connect_timeout:: How long the server will wait for a response to a connection attempt
 #
 # $server_ssl_protocols:: Array of SSL protocols to use.
-# Defaults to [ 'TLSv1.2' ]
+# Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $server_ssl_chain_filepath:: Path to certificate chain for puppetserver
 # Only used when $ca is true
diff --git a/manifests/params.pp b/manifests/params.pp
index 4eab6d50..a4f89851 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -387,7 +387,7 @@
 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
 ]
- $server_ssl_protocols = [ 'TLSv1.2' ]
+ $server_ssl_protocols = [ 'TLSv1.3', 'TLSv1.2' ]
 $server_ssl_chain_filepath = undef
 $server_check_for_updates = true
 $server_environment_class_cache_enabled = false
diff --git a/manifests/server.pp b/manifests/server.pp
index fc94aa87..a296d01b 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -217,7 +217,7 @@
 # Defaults to the Jetty default of 30s
 #
 # $ssl_protocols:: Array of SSL protocols to use.
-# Defaults to [ 'TLSv1.2' ]
+# Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $ssl_chain_filepath:: Path to certificate chain for puppetserver
 # Defaults to "${ssl_dir}/ca/ca_crt.pem"
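Review bot: The new default `$server_ssl_protocols = [ 'TLSv1.3', 'TLSv1.2' ]` in manifests/params.pp sits directly below a cipher-suite list whose visible tail holds only TLS 1.2 suites (`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`); the start of that list is outside the hunk. If the list contains no TLS 1.3 suites such as `TLS_AES_128_GCM_SHA256` and `TLS_AES_256_GCM_SHA384`, a JSSE-based server presumably has nothing to offer for 1.3 and connections would keep negotiating TLSv1.2, so the documented default would not take effect. It is worth checking the full list and adding the 1.3 suites in the same change, and confirming how the server behaves on a JVM that lacks TLSv1.3 support. The diffstat touches only the three manifests, so a spec assertion on the rendered `ssl-protocols` default would also be a useful addition.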