How to make port 8140 TLS 1.2 compliant in puppet 4?
Question
I have a puppet server and I am trying to make port 8140 compliant for puppet 4.
When I run nmap -sV --script ssl-enum-ciphers -p 8140 <puppet-server> I get the following:

    PORT     STATE SERVICE  VERSION
    8140/tcp open  ssl/http Jetty 9.2.z-SNAPSHOT
    |_http-server-header: Jetty(9.2.z-SNAPSHOT)
    | ssl-enum-ciphers:
    |   TLSv1.0:
    |     ciphers:
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
    |     compressors:
    |       NULL
    |     cipher preference: client
    |     warnings:
    |       Forward Secrecy not supported by any cipher

I have checked the entire /etc/puppetlabs directory and am still not able to figure out where it is defined. Does anyone know where it is defined in puppet? Thank you.
Answer 1
Score: 0
> How to make port 8140 TLS 1.2 compliant in puppet 4?

As nmap discovered for you, the Puppet server uses a bundled Jetty server to service requests at port 8140. Puppet 4 is so out of date that Puppet, Inc. no longer maintains documentation for it on their web site, but in Puppet 5 (earliest version for which docs are provided) you would configure the supported SSL protocols via the tls-protocols property, and maybe augment that by configuring the supported cipher suites via the cipher-suites property in the HOCON-formatted /etc/puppetlabs/puppetserver/conf.d/webserver.conf configuration file.

The referenced doc links to details of the supported properties and values here: https://github.com/puppetlabs/trapperkeeper-webserver-jetty9/blob/main/doc/jetty-config.md, which in turn links to JDK documentation for full details of the supported values. How much of that pertains to Puppet 4 is unclear to me. Presuming it is supported at all in that version, however, TLS 1.2 will be identified by the name TLSv1.2.
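
An added example, not part of the original question or answer: a small Python checker that parses nmap ssl-enum-ciphers output in the format shown in the question and lists what a TLS 1.2-or-later policy would flag, so the scan can be re-checked after changing webserver.conf. The policy set `ALLOWED`, the forward-secrecy prefixes and the function names are assumptions of this example; `SAMPLE` is the question's output with indentation restored and trimmed.

```python
import re

# Output posted in the question (indentation restored, header and warnings trimmed).
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 4096) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 4096) - A
|     compressors:
|       NULL
|     cipher preference: client
"""

PROTO_RE = re.compile(r"^\|\s+((?:SSLv|TLSv)[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|\s+((?:TLS|SSL)_\w+)\s")
PREF_RE = re.compile(r"cipher preference:\s*(\w+)")
ALLOWED = {"TLSv1.2", "TLSv1.3"}  # assumed policy for this example
FS_PREFIXES = ("TLS_ECDHE_", "TLS_DHE_")  # key exchanges with forward secrecy


def parse(report):
    """Map each offered protocol to its cipher list and preference."""
    result, current = {}, None
    for line in report.splitlines():
        if m := PROTO_RE.match(line):
            current = result.setdefault(m.group(1), {"ciphers": [], "preference": None})
        elif current is None:
            continue  # still in the port/service header
        elif m := CIPHER_RE.match(line):
            current["ciphers"].append(m.group(1))
        elif m := PREF_RE.search(line):
            current["preference"] = m.group(1)
    return result


def findings(report):
    """List what a TLS 1.2+ policy flags in an ssl-enum-ciphers report."""
    protos, out = parse(report), []
    if ALLOWED.isdisjoint(protos):
        out.append("TLSv1.2 or later is not offered")
    for name, info in sorted(protos.items()):
        if name not in ALLOWED:
            out.append(f"{name} is enabled")
        # TLS 1.3 suites are always forward secret; older ones depend on key exchange.
        if name != "TLSv1.3" and not any(c.startswith(FS_PREFIXES) for c in info["ciphers"]):
            out.append(f"{name}: no forward-secret cipher suite")
        if info["preference"] == "client":
            out.append(f"{name}: cipher preference is client")
    return out
```

An empty list from `findings()` on a fresh scan means the listener offers only the allowed protocols, with forward-secret suites and server-side cipher ordering.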