To comply with security regulations, TLSv1 and TLSv1.1 are disabled by default in 2021.7.z versions of Puppet Enterprise (PE).
- Solaris 11
CAUTION: For nodes that use TLSv1, using a script to install or upgrade agents can fail if the curl version installed on the node uses OpenSSL earlier than version 1.0. This issue produces an SSL error during any curl connection to the primary server. As a workaround, add
~/.curlrcso that curl calls always use an appropriate cipher.
- In the PE console, navigate to .
On the Configuration data tab, find or add the
ssl_protocolsparameter and set the value to an array of strings representing allowed TLS versions.For example:
["TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"]
- Click Add data and commit changes.
Run Puppet on the primary server and any
Tip: There are several ways to Run Puppet on demand.