The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
|Affected Puppet version:||2.7.13||Branch:|
Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com
This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.
I have a puppet server (CentOS 6.2 / puppet opensource 2.7.13) : medion.chatillon.betrancourt.net I have a puppet client (CentOS 6.2 / puppet opensource 2.7.13) : thomas.test.betrancourt.net : this client is syncing fine with the server
On thomas.test.betrancourt.net, i’ve a virtual machine with CentOS 6.2 / puppet opensource 2.7.13 too. When i’m trying to sync this machine with the puppet server, i’m getting the above error (title of isssue).
I’m using the openssl command openssl s_client -host puppet -port 8140 -cert /var/lib/puppet/ssl/certs/$(hostname -f).pem -key /var/lib/puppet/ssl/private_keys/$(hostname -f).pem -CAfile /var/lib/puppet/ssl/certs/ca.pem which confirms the issue.
On the server, the certificate is nicely generated. The server is configured to auto-sign cert requests.
#2 Updated by Daniel Pittman about 2 years ago
- Status changed from Unreviewed to Needs More Information
This isn’t a Puppet problem, so much as an OpenSSL problem. Your client presumably isn’t advertising TLSv1, but the server will only accept it.
Puppet doesn’t change the default configuration, which should normally default to allowing TLS, but perhaps not on your system. In any case, relaxing the server to accept SSLv3 will resolve your issue.