如何在 Puppet 4 中使端口 8140 兼容 TLS 1.2?

huangapple go评论59阅读模式
英文:

How to make port 8140 TLS 1.2 compliant in puppet 4?

问题

我有一个 Puppet 服务器,正在尝试使端口 8140 与 Puppet 4 兼容。

当我运行 nmap -sV --script ssl-enum-ciphers -p 8140 <puppet-server> 时,我得到以下结果:

PORT STATE SERVICE VERSION
8140/tcp open ssl/http Jetty 9.2.z-SNAPSHOT
|_http-server-header: Jetty(9.2.z-SNAPSHOT)
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| Forward Secrecy not supported by any cipher

我已经检查了整个 /etc/puppetlabs 目录,但仍然无法找到它在 Puppet 中是如何定义的。有人知道在 Puppet 中它是在哪里定义的吗?谢谢。

英文:

I have a puppet server and i am trying to make port 8140 compliant for puppet 4.

When i run nmap -sV --script ssl-enum-ciphers -p 8140 <puppet-server> I get the following :

PORT     STATE SERVICE  VERSION
8140/tcp open  ssl/http Jetty 9.2.z-SNAPSHOT
|_http-server-header: Jetty(9.2.z-SNAPSHOT)
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
|     compressors: 
|       NULL
|     cipher preference: client
|     warnings: 
|       Forward Secrecy not supported by any cipher

I have checked the entire /etc/puppetlabs directory and still not able to figure out where it is defined. Does anyone know where is it defined in puppet. Thank you.

答案1

得分: 0

如何使Puppet 4中的端口8140兼容TLS 1.2?

正如nmap为您发现的那样,Puppet服务器使用捆绑的Jetty服务器来处理端口8140上的请求。 Puppet 4已经过时,Puppet,Inc.不再在其网站上维护其文档,但在Puppet 5(提供文档的最早版本)中,您可以通过tls-protocols属性配置支持的SSL协议,可能还可以通过HOCON格式的/etc/puppetlabs/puppetserver/conf.d/webserver.conf配置文件中的cipher-suites属性来配置支持的密码套件。

引用的文档链接到支持的属性和值的详细信息,链接在这里:https://github.com/puppetlabs/trapperkeeper-webserver-jetty9/blob/main/doc/jetty-config.md,然后链接到JDK文档以获取支持值的完整详细信息。我不清楚其中多少与Puppet 4有关。但是,假设它在该版本中得到支持,那么TLS 1.2将以名称TLSv1.2来识别。

英文:

> How to make port 8140 TLS 1.2 compliant in puppet 4?

As nmap discovered for you, the Puppet server uses a bundled Jetty server to service requests at port 8140. Puppet 4 is so out of date that Puppet, Inc. no longer maintains documentation for it on their web site, but in Puppet 5 (earliest version for which docs are provided) you would configure the supported SSL protocols via the tls-protocols property, and maybe augment that by configuring the supported cipher suites via the cipher-suites property in the HOCON-formatted /etc/puppetlabs/puppetserver/conf.d/webserver.conf configuration file.

The referenced doc links to details of the supported properties and values here: https://github.com/puppetlabs/trapperkeeper-webserver-jetty9/blob/main/doc/jetty-config.md, which in turn links to JDK documentation for full details of the supported values. How much of that pertains to Puppet 4 is unclear to me. Presuming it is supported at all in that version, however, TLS 1.2 will be identified by the name TLSv1.2.

huangapple
  • 本文由 发表于 2023年6月2日 05:23:50
  • 转载请务必保留本文链接:https://go.coder-hub.com/76385811.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定