You can disable TLSv1 in PE to comply with standards as necessary.
The services running in PE support versions 1, 1.1, and 1.2 of the Transport layer security (TLS) protocol but use TLSv1 by default. The Payment Card Industry Data Security Standard (PCI DSS) requires TLSv1 to be permanently disabled by 30 June, 2018. To comply with PCI DSS, or simply to tighten your own security, disable TLSv1.
PE uses TLSv1 by default because the PXP agent service running on older agents use TLSv1. In PE you can disable TLSv1, but the first step is upgrading your agents to 2017.2 or later.
- Upgrade your *nix or Windows agents to the latest version of PE (must be 2017.2 or later).
- In the console, click
On the Configuration tab, add the following parameter and value:
- Click Add parameter, and commit changes.
- In a monolithic installation, run Puppet on the Puppet master. In a split installation, run Puppet on the Puppet master, console, and PuppetDB nodes.