Problem: My company wants us to limit TLS to version 1.2 or greater and for 1.2, these cipher suites:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA384
For puppet, port 8140, and foreman proxy, port 9090, each has two of the allowed ciphers, but some not allowed. I modified the custom-hiera.yaml file, but I don’t see a section for puppet nor allowed ciphers for foreman-proxy - just disallowed ciphers for proxy. Are there settings for puppet and allowed ciphers for proxy? Or is there another way to achieve this? Do I even need port 9090 with a stand-alone satellite server?
Expected outcome: Able to allow the desired ciphers for each service.
Foreman and Proxy versions: foreman 3.0.1-1, katello 4.2.1-1
Foreman and Proxy plugin versions:
Distribution and version: CentOS 7.9
Other relevant data: