Configure SSL protocols

You can change what SSL protocols your Puppet Enterprise (PE) infrastructure uses.

Where to configure

In Hiera data files.

In the PE console on the PE Infrastructure node group's Configuration data tab.

Parameter

puppet_enterprise::master::puppetserver::ssl_protocols

Format

Array of strings representing SSL protocols.

Example

This declaration enables TSLv1.3 and TSLv1.2:

puppet_enterprise::master::puppetserver::ssl_protocols: ["TLSv1.3", "TLSv1.2"]

Default

["TLSv1.3", "TLSv1.2"]

To comply with security regulations, only versions 1.2 and 1.3 of the Transport Layer Security (TLS) protocol are enabled. If necessary, you can manually enable TLSv1 and TSLv1.1.

Related information

Enable TLSv1
SSL and certificates
Use a custom SSL certificate for the console
Configure settings with Hiera
Configure settings in the PE console