
Is it possible to define which ciphers puppet master can use?

asked 2015-06-03 09:16:01 -0500

shaun666

Hi,

We are using Puppet 2.6 on CentOS v5.5.

For PCI compliance reasons I need to reconfigure Puppet Master so that it does not permit use of SSLv3 and certain weak ciphers:

- TLSv1 - DES-CBC-SHA
- TLSv1 - EDH-RSA-DES-CBC-SHA
- TLSv11 - DES-CBC-SHA
- TLSv11 - EDH-RSA-DES-CBC-SHA
- TLSv12 - DES-CBC-SHA
- TLSv12 - EDH-RSA-DES-CBC-SHA

Is it possible to reconfigure this version of Puppet so that our system is PCI compliant?

I note SSLv3 can be disabled in Puppet v3....

TIA
Shaun


1 Answer


answered 2015-06-03 12:29:59 -0500

cbarbour

The SSL cipher is negotiated between the web-server and the Puppet agent. Given the versions you mention, I suspect you're using Apache / Passenger / Rack to host your Puppetmasters. You would configure the acceptable ciphers in your Apache configuration files.

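The Apache-side change the answer points to, as an added example that is not part of the original thread. It assumes the Puppet master is served by a mod_ssl virtual host on the default master port 8140; the commented-out "weak" lines are constructed for contrast, and `puppet.example.com` in the note below is a placeholder.

```apache
# Added example. Assumption: the master runs as a Rack application under
# Apache/Passenger in a mod_ssl virtual host on port 8140. Only the
# protocol and cipher directives are shown; everything else stays as it is.
<VirtualHost *:8140>
    SSLEngine on

    # Weak (constructed for contrast): SSLv3 is still offered and the
    # single-DES suites from the question can be negotiated.
    # SSLProtocol    all -SSLv2
    # SSLCipherSuite ALL:!ADH

    # Hardened: refuse SSLv2 and SSLv3, and exclude single DES
    # (DES-CBC-SHA, EDH-RSA-DES-CBC-SHA), export-grade, anonymous,
    # NULL and MD5-based suites.
    SSLProtocol         all -SSLv2 -SSLv3
    SSLCipherSuite      HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!DES:!MD5

    # Let the server's preference order win over the client's.
    SSLHonorCipherOrder on

    # ... existing certificate, client-verification and Passenger/Rack
    # directives unchanged ...
</VirtualHost>
```

`openssl ciphers -v 'HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!DES:!MD5'` lists the suites this string expands to on the master's OpenSSL build. After reloading Apache, `openssl s_client -connect puppet.example.com:8140 -cipher DES-CBC-SHA` should fail the handshake.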
