Open casdev-github opened 7 years ago
puppet agent --version
3.8.6
centos 6.9
On the master/CA server you need to run:
    puppet cert clean client-certname
On the client:
    rm -rf /var/lib/puppet/ssl
Then on the client:
    puppet agent --server servername --waitforcert 60
https://www.madboa.com/geek/openssl/#how-do-i-find-out-what-openssl-version-i-m-running
https://www.madboa.com/geek/openssl/
Name      : openssl
Arch      : i686
Version   : 1.0.1e
Release   : 48.el6_8.3
Size      : 3.9 M
Repo      : installed
From repo : RHEL6-2H16.3

Name      : openssl
Arch      : i686
Version   : 0.9.8e
Release   : 42.el5_11
Size      : 3.9 M
Repo      : installed

Name      : openssl
Arch      : x86_64
Version   : 1.0.1e
Release   : 57.el6
Size      : 4.1 M
Repo      : installed
From repo : RHEL6-2H16.10
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
https://www.openssl.org/news/cl102.txt
https://unix.stackexchange.com/questions/333877/how-to-find-which-key-exactly-dh-key-too-small-openssl-error-is-about
https://github.com/rapid7/metasploit-framework/issues/6783

Following these findings, we have started to more aggressively revise the cryptographic defaults in OpenSSL. The following changes are either already released or coming up in the next releases of our supported stable branches.
Changes affecting OpenSSL 1.0.1 and OpenSSL 1.0.2:
- OpenSSL clients will reject connections with DH parameters shorter than 768 bits. As an unfortunately large number of servers use 768-bit parameters still, we’ll be giving them a short grace period to upgrade, with a keen eye out to raising the limit to 1024 bits soon. [OpenSSL 1.0.2b (next release), OpenSSL 1.0.1n (next release)]
- Export cipher suites are disabled by default. [OpenSSL 1.0.2a (current release), OpenSSL 1.0.1m (current release)]
- The openssl dhparam tool generates 2048-bit DH parameters by default. [OpenSSL 1.0.2 (all releases), OpenSSL 1.0.1n (next release)]. You can use an earlier version of the tool to generate secure parameters as well - just make sure to specify the bitlength explicitly:
PuppetMaster ngenable localhost mco puppet enable -I nodeHostName
RUN:: USING HOST nodeHostName
RUN:: mco puppet enable -I nodeHostName
| [ > ] 0 / 1

Summary of Enabled:
   No aggregate summary could be computed

Finished processing 0 / 1 hosts in 22002.52 ms

No response from:
   nodeHostName
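Added example, not part of the original issue and not OpenSSL or Puppet code: a way to measure the prime size in a PEM `DH PARAMETERS` file and compare it with the limits in the OpenSSL announcement quoted above (768 bits rejected, 1024 planned, 2048 the `openssl dhparam` default). The function names, the classification labels and the `sample_pem` test input are assumptions of this example; the sample prime is constructed and is not a real DH prime.

```python
import base64

# Limits taken from the OpenSSL announcement quoted above.
REJECT_BELOW = 768     # 1.0.1n / 1.0.2b clients reject anything shorter
PLANNED_LIMIT = 1024   # limit the announcement says it intends to move to
TOOL_DEFAULT = 2048    # size `openssl dhparam` generates by default

def _read_tlv(buf, pos, tag):
    """Read one DER element of the given tag at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of p in a PEM 'DH PARAMETERS' block (SEQUENCE { p, g })."""
    if "-----BEGIN DH PARAMETERS-----" not in pem_text:
        raise ValueError("not a DH PARAMETERS PEM block")
    rows = [ln for ln in map(str.strip, pem_text.splitlines()) if not ln.startswith("-----")]
    der = base64.b64decode("".join(rows))
    body, _ = _read_tlv(der, 0, 0x30)       # outer SEQUENCE
    p_bytes, _ = _read_tlv(body, 0, 0x02)   # first INTEGER is the prime p
    return int.from_bytes(p_bytes, "big").bit_length()

def classify(bits):  # labels are this example's own, not OpenSSL messages
    if bits < REJECT_BELOW:
        return "rejected"
    if bits < PLANNED_LIMIT:
        return "grace-period"
    return "below-tool-default" if bits < TOOL_DEFAULT else "ok"

def _der(tag, value):
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_pem(bits):
    """Constructed input: p is only an odd number of that size, not a real DH prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    b64 = base64.b64encode(_der(0x30, _der(0x02, p) + _der(0x02, b"\x02"))).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN DH PARAMETERS-----", *rows, "-----END DH PARAMETERS-----"])
```

Pass the text of a server's DH parameter file to `dh_prime_bits` and the result to `classify`; the check looks only at the size of p, not at whether p is a safe prime.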