Default to TLS1.3 or TLS1.2 by default since puppet supports both

theforeman · Jan 11, 2023 · 2835ba2 · 2835ba2
1 parent d1e6b34
commit 2835ba2
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -386,7 +386,7 @@
 # $server_connect_timeout::                 How long the server will wait for a response to a connection attempt
 #
 # $server_ssl_protocols::                   Array of SSL protocols to use.
-#                                           Defaults to [ 'TLSv1.2' ]
+#                                           Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $server_ssl_chain_filepath::              Path to certificate chain for puppetserver
 #                                           Only used when $ca is true

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -379,7 +379,7 @@
     'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
     'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
   ]
-  $server_ssl_protocols                   = ['TLSv1.2']
+  $server_ssl_protocols                   = ['TLSv1.3', 'TLSv1.2']
   $server_ssl_chain_filepath              = undef
   $server_check_for_updates               = true
   $server_environment_class_cache_enabled = false

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -217,7 +217,7 @@
 #                                      Defaults to the Jetty default of 30s
 #
 # $ssl_protocols::                     Array of SSL protocols to use.
-#                                      Defaults to [ 'TLSv1.2' ]
+#                                      Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $ssl_chain_filepath::                Path to certificate chain for puppetserver
 #                                      Defaults to "${ssl_dir}/ca/ca_crt.pem"