Bug #30113
openforeman puppetdb plugin "SSL_connect returned=1 errno=0 state=error: dh key too small"
Description
Hi,
I am installing Foreman 2.1 with Puppetserver 6.11 and PuppetDB 6.10. They are all on one machine, which is a RedHat 8.2.
Foreman, puppetserver and PuppetDB all install fine. "puppet agent -t" is successful.
Then I install foreman puppetdb plugin:
- gedit /etc/foreman-installer/scenarios.d/foreman-answers.yaml
puppetdb plug in: true
- foreman-installer --foreman-initial-admin-password=admin -i -v
The install finished fine. And I log on to Foreman console, go to Administer > Settings > PuppetDB and set puppetdb_address with my PuppetDB address.
Everything seems fine. However, when I click "Monitor" -> "PuppetDB Nodes" on the left side of the Foreman console, I got the error:
"Oops, we're sorry but something went wrong SSL_connect returned=1 errno=0 state=error: dh key too small"
Please advise.
Thanks,
Zaiwen
Updated by Zaiwen Gong about 5 years ago
After battling it out, I finally found my solution!
The workaround is to manually set PuppetDB's cipher-suites setting to the following list in file /etc/puppetlabs/puppetdb/conf.d/jetty.ini:
TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
I got hints from:
https://github.com/voxpupuli/puppetboard/issues/535
https://tickets.puppetlabs.com/browse/PDB-4513
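
Added example, not part of the original ticket or of PuppetDB: a small audit that reads the cipher-suites setting from a jetty.ini and groups the suites by key exchange, since "dh key too small" is raised by OpenSSL clients only during a finite-field DHE handshake. The sample file is constructed from the list above; the [jetty] section name and all function names are assumptions.

```python
import configparser

# Cipher list exactly as given in the ticket's workaround.
TICKET_SUITES = [
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
]

# Constructed sample file; the [jetty] section name is an assumption.
SAMPLE_JETTY_INI = (
    "[jetty]\nssl-port = 8081\ncipher-suites = " + ",".join(TICKET_SUITES) + "\n"
)

def key_exchange(suite):
    """Return the key-exchange family encoded in a JSSE/IANA suite name."""
    name = suite.strip().upper()
    for prefix, family in (("TLS_ECDHE_", "ECDHE"), ("TLS_DHE_", "DHE"), ("TLS_RSA_", "RSA")):
        if name.startswith(prefix):
            return family
    return "OTHER"  # e.g. TLS 1.3 names, which carry no key-exchange field

def read_cipher_suites(ini_text, section="jetty"):
    """Parse the comma-separated cipher-suites value; empty list if unset."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    raw = parser.get(section, "cipher-suites", fallback="")
    return [s.strip() for s in raw.split(",") if s.strip()]

def audit(ini_text):
    """Map each family to [(1-based position, suite)], keeping list order."""
    report = {"ECDHE": [], "DHE": [], "RSA": [], "OTHER": []}
    for pos, suite in enumerate(read_cipher_suites(ini_text), 1):
        report[key_exchange(suite)].append((pos, suite))
    return report

if __name__ == "__main__":
    # DHE rows are the ones where the server's DH parameter size matters;
    # RSA rows use static RSA key exchange, which has no forward secrecy.
    for family, found in audit(SAMPLE_JETTY_INI).items():
        for pos, suite in found:
            print(f"{family:6} #{pos:<2} {suite}")
```

To run it against a live host, pass the contents of /etc/puppetlabs/puppetdb/conf.d/jetty.ini to audit() in place of the sample.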