Issue #14067 has been updated by Daniel Pittman. Status changed from Unreviewed to Needs More Information
This isn't a Puppet problem, so much as an OpenSSL problem. Your client presumably isn't advertising TLSv1, but the server will only accept it. Puppet doesn't change the default configuration, which should normally default to allowing TLS, but perhaps not on your system. In any case, relaxing the server to accept SSLv3 will resolve your issue. ---------------------------------------- Bug #14067: err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version https://projects.puppetlabs.com/issues/14067#change-61107 Author: Thomas Bétrancourt Status: Needs More Information Priority: High Assignee: Category: SSL Target version: Affected Puppet version: 2.7.13 Keywords: Branch: I have a puppet server (CentOS 6.2 / puppet opensource 2.7.13) : medion.chatillon.betrancourt.net I have a puppet client (CentOS 6.2 / puppet opensource 2.7.13) : thomas.test.betrancourt.net : this client is syncing fine with the server On thomas.test.betrancourt.net, i've a virtual machine with CentOS 6.2 / puppet opensource 2.7.13 too. When i'm trying to sync this machine with the puppet server, i'm getting the above error (title of isssue). I'm using the openssl command openssl s_client -host puppet -port 8140 -cert /var/lib/puppet/ssl/certs/$(hostname -f).pem -key /var/lib/puppet/ssl/private_keys/$(hostname -f).pem -CAfile /var/lib/puppet/ssl/certs/ca.pem which confirms the issue. On the server, the certificate is nicely generated. The server is configured to auto-sign cert requests. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
