Due to regulatory compliance or other security requirements, you may need to change which cipher suites your SSL-enabled PE services use to communicate with other PE components.
SSL ciphers for core Puppet services
To add or remove cipher suites for core Puppet services, change the puppet_enterprise::ssl_cipher_suites parameter. For example, in Hiera:
puppet_enterprise::ssl_cipher_suites:
  - 'SSL_RSA_WITH_NULL_MD5'
  - 'SSL_RSA_WITH_NULL_SHA'
  - 'TLS_DH_anon_WITH_AES_128_CBC_SHA'
  - 'TLS_DH_anon_WITH_AES_128_CBC_SHA256'
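A pre-deployment check for a list like the one above, as an added example that is not part of the original page or of Puppet's own tooling: it parses the Hiera data and flags suites that provide no encryption (NULL) or no server authentication (anonymous key exchange), both of which appear among the names shown. The helper names `parse_suite`, `findings` and `audit` are hypothetical, and the sample data is constructed from the page's suite names plus one extra suite for contrast.

```ruby
require 'yaml'

# Constructed sample Hiera data: the suite names shown above plus one AEAD
# suite added for contrast. Sample input only, not a recommended list.
SAMPLE_HIERA = <<~HIERA
  puppet_enterprise::ssl_cipher_suites:
    - 'SSL_RSA_WITH_NULL_MD5'
    - 'SSL_RSA_WITH_NULL_SHA'
    - 'TLS_DH_anon_WITH_AES_128_CBC_SHA'
    - 'TLS_DH_anon_WITH_AES_128_CBC_SHA256'
    - 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
HIERA

KEY = 'puppet_enterprise::ssl_cipher_suites'

# Split a TLS_/SSL_-style suite name into key exchange, bulk cipher and hash.
# TLS 1.3 names have no "_WITH_" part, so :kx is empty for them.
def parse_suite(name)
  m = /\A(?:TLS|SSL)_(?:(?<kx>.+?)_WITH_)?(?<rest>.+)\z/.match(name.to_s)
  return nil unless m
  parts = m[:rest].split('_')
  hash = parts.pop
  { kx: m[:kx].to_s, cipher: parts.join('_'), hash: hash }
end

# Reasons to reject a suite; an empty array means no finding.
def findings(name)
  s = parse_suite(name)
  return ['not a TLS_/SSL_-style suite name'] unless s
  out = []
  out << 'no encryption (NULL cipher)' if s[:cipher] == 'NULL'
  out << 'no server authentication (anonymous key exchange)' if s[:kx].end_with?('_anon')
  out << 'export-grade key exchange' if s[:kx].include?('EXPORT')
  out << 'weak cipher (RC4/DES/3DES)' if s[:cipher].match?(/\A(?:RC4|3?DES)/)
  out << 'MD5 MAC' if s[:hash] == 'MD5'
  out
end

# Map each flagged suite in the Hiera data to its findings.
def audit(yaml_text, key = KEY)
  data = YAML.safe_load(yaml_text)
  suites = data.is_a?(Hash) ? Array(data[key]) : []
  suites.each_with_object({}) do |suite, report|
    f = findings(suite)
    report[suite] = f unless f.empty?
  end
end

audit(SAMPLE_HIERA).each { |suite, why| puts "#{suite}: #{why.join('; ')}" }
```

An empty result from `audit` means none of these checks fired; it does not by itself show that the list meets a given compliance baseline.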
SSL for console services
To add or remove cipher suites for console services affecting traffic on port 443, use Hiera or the console to change the puppet_enterprise::profile::console::proxy::ssl_ciphers parameter.
For example, to change the parameter in the console, in the PE Console node group, add an array of SSL ciphers to the ssl_ciphers parameter in the puppet_enterprise::profile::console::proxy class.