Enable TLSv1
To comply with security regulations, TLSv1 and TLSv1.1 are disabled by default in 2021.7.z versions of Puppet Enterprise (PE).
- AIX
- Solaris 11
CAUTION: For nodes that use TLSv1, using a script to install or upgrade
agents can fail if the curl version installed on the node uses OpenSSL earlier than
version 1.0. This issue produces an SSL error during any curl connection to the
primary server. As a workaround, add
--ciphers
AES256-SHA
to ~/.curlrc
so that curl
calls always use an appropriate cipher.
Related information