From 7e5cf2bb1e7df0fa92a310640938f1b810776815 Mon Sep 17 00:00:00 2001
From: Pat Riehecky
Date: Wed, 11 Jan 2023 11:52:27 -0600
Subject: [PATCH] Default to TLS1.3 or TLS1.2 by default since puppet supports both

---
 manifests/init.pp | 2 +-
 manifests/params.pp | 2 +-
 manifests/server.pp | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index e3c20204..67d1057b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -386,7 +386,7 @@
 # $server_connect_timeout:: How long the server will wait for a response to a connection attempt
 #
 # $server_ssl_protocols:: Array of SSL protocols to use.
-# Defaults to [ 'TLSv1.2' ]
+# Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $server_ssl_chain_filepath:: Path to certificate chain for puppetserver
 # Only used when $ca is true
diff --git a/manifests/params.pp b/manifests/params.pp
index 20b834b3..f4feb749 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -379,7 +379,7 @@
 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
 ]
- $server_ssl_protocols = ['TLSv1.2']
+ $server_ssl_protocols = ['TLSv1.3', 'TLSv1.2']
 $server_ssl_chain_filepath = undef
 $server_check_for_updates = true
 $server_environment_class_cache_enabled = false
diff --git a/manifests/server.pp b/manifests/server.pp
index bf4188fe..b47488fd 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -217,7 +217,7 @@
 # Defaults to the Jetty default of 30s
 #
 # $ssl_protocols:: Array of SSL protocols to use.
-# Defaults to [ 'TLSv1.2' ]
+# Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $ssl_chain_filepath:: Path to certificate chain for puppetserver
 # Defaults to "${ssl_dir}/ca/ca_crt.pem"
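Review bot: In manifests/params.pp, adding 'TLSv1.3' to `$server_ssl_protocols` may have no effect on its own, because the array that closes just above it ends with `'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'` and `'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'`, which are TLS 1.2 suite names. The start of that array is outside the hunk, so this is inferred, but if it is the server's cipher allowlist and holds no TLS 1.3 suites, the JVM cannot negotiate TLS 1.3 and every connection stays on TLS 1.2. I would add `'TLS_AES_128_GCM_SHA256',` and `'TLS_AES_256_GCM_SHA384',` to that list in the same change. The `$server_ssl_protocols` doc comment could also say that TLS 1.3 needs a JVM that supports it.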