Skip to content

(PA-3974) Increase DH key size for pcp-broker#835

Merged
ciprianbadescu merged 1 commit into
puppetlabs:mainfrom
GabrielNagy:PA-3974/increase-dh-key-size
Sep 6, 2021
Merged

(PA-3974) Increase DH key size for pcp-broker#835
ciprianbadescu merged 1 commit into
puppetlabs:mainfrom
GabrielNagy:PA-3974/increase-dh-key-size

Conversation

@GabrielNagy
Copy link
Copy Markdown
Contributor

@GabrielNagy GabrielNagy commented Sep 3, 2021

Add the 'jdk.tls.ephemeralDHKeySize=2048' JVM option when running pcp-broker, as the default DH key size is too small for openssl 1.1.1k FIPS.

@GabrielNagy GabrielNagy requested a review from a team as a code owner September 3, 2021 09:01
@GabrielNagy GabrielNagy requested a review from a team September 3, 2021 09:01
GabrielNagy added a commit to GabrielNagy/puppet-runtime that referenced this pull request Sep 3, 2021
@GabrielNagy
Revert "(PA-3974) Remove DHE ciphers from openssl 1.1.1 FIPS"
d464329 
This reverts commit 94fe3e2.

Removing the ciphers should no longer be needed after
puppetlabs/pxp-agent#835 is merged.
GabrielNagy added a commit to GabrielNagy/puppet-runtime that referenced this pull request Sep 3, 2021
@GabrielNagy
Revert "(PA-3974) Remove DHE ciphers from openssl 1.1.1 FIPS"
6c074da 
This reverts commit 94fe3e2.

Removing the ciphers should no longer be needed after
puppetlabs/pxp-agent#835 is merged.
@GabrielNagy GabrielNagy mentioned this pull request Sep 3, 2021
Merged
donoghuc
donoghuc reviewed Sep 3, 2021
View reviewed changes
Comment thread acceptance/lib/pxp-agent/test_helper.rb Outdated
donoghuc
donoghuc reviewed Sep 3, 2021
View reviewed changes
Comment thread acceptance/setup/common/050_Setup_Broker.rb Outdated
@GabrielNagy GabrielNagy force-pushed the PA-3974/increase-dh-key-size branch from d9ce442 to 6659854 Compare September 6, 2021 04:57
@GabrielNagy
(PA-3974) Increase DH key size for pcp-broker
6659854 
Add the 'jdk.tls.ephemeralDHKeySize=2048' JVM option when running
pcp-broker, as the default DH key size is too small for openssl 1.1.1k
FIPS.
@ciprianbadescu ciprianbadescu merged commit 3ff221b into puppetlabs:main Sep 6, 2021
@donoghuc
Copy link
Copy Markdown
Contributor

donoghuc commented Sep 7, 2021

Thanks so much @GabrielNagy for tracking this down! Excellent work.

@steveax
Copy link
Copy Markdown
Contributor

steveax commented Sep 7, 2021

Yes, thank you! 🙏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcdonaldseanp mcdonaldseanp mcdonaldseanp approved these changes

+1 more reviewer

@donoghuc donoghuc donoghuc left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@GabrielNagy @donoghuc @steveax @mcdonaldseanp @ciprianbadescu