To be clear, here's the full list of what's warned about (each of these gets logged six times in succession, which I've deduplicated for brevity *except for the last one* so you can see that there are different addresses being listed).
WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256 enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@4f27d2a8[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@5a789c49[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@6593530a[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@71baa8f5[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@7beb914b[provider=null,keyStore=null,trustStore=null] On Monday, November 9, 2020 at 11:58:30 PM UTC-8 Dan Mahoney wrote: > All, > > This is probably nothing but I've searched the mailing lists and can't > find anything useful about this. We're running our puppetmaster under > FreeBSD at the day job (puppet 6.18), and we see errors like this on > puppetserver startup in the logs: > > WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite > TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled for > InternalSslContextFactory@7beb914b[provider=null,keyStore=null,trustStore=null] > WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA enabled for > InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] > > All in all, each warning is repeated several different times, and there's > probably seven or eight different ciphers. > > Java logging is...a mess, honestly, and it's pretty difficult to separate > signal from noise when you're trying to debug something. > > That said, I see release notes that something changed about weak ciphers > in 6.5, but we're not there yet. > > Is this something I should worry about, or just ignore? > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b5ec5090-810b-4bbc-80b4-cab024b20722n%40googlegroups.com.
