Actions
Bug #37306
closedPuppet server ciphers updated in 2.0 but old ciphers can remain in answers
Status:
Closed
Priority:
Normal
Assignee:
Category:
foreman-installer script
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:
Description
In foreman-installer 2.0 we updated the ciphers for puppetserver, but didn't introduce a migration to update existing installations. Users from very old installs will still use the insecure ciphers. This breaks on FIPS and leaves other users more vulnerable than they need to be.
The commit in question was: https://github.com/theforeman/puppet-puppet/commit/8cc4e3094d5bbd6d05d794e087816934e1697a87
Actions