Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Here is the update in openssl that breaks puppet

rpm -q --changelog openssl

* Wed Oct 05 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-52
- deprecate and disable verification of insecure hash algorithms
- disallow DH keys with less than 1024 bits in TLS client
- remove support for weak and export ciphersuites
- use correct digest when exporting keying material in TLS1.2 (#1376741)

I can confirm that downgrading to 1.0.1e-48 resolved the error

err: Could not request certificate: unknown message digest algorithm

Here is the update in openssl that breaks puppet

rpm -q --changelog openssl

* Wed Oct 05 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-52
- deprecate and disable verification of insecure hash algorithms
- disallow DH keys with less than 1024 bits in TLS client
- remove support for weak and export ciphersuites
- use correct digest when exporting keying material in TLS1.2 (#1376741)

I can confirm that downgrading to 1.0.1e-48openssl-1.0.1e-48 resolved the errorerror with puppet-2.7.26-1

err: Could not request certificate: unknown message digest algorithm