[Ach] Recommendation for PuppetDB / JDK
akendo at akendo.eu
Tue Jan 20 20:34:19 CET 2015
You should not have this services (puppet master/ puppetdb ) expose
directly. use a webservice like nginx/apache to proxy this. There you
can harden the SSL/TLS option.
On 11/21/2014 02:47 PM, Aaron Zauner wrote:
> Hi Tim
> Tim wrote:
>> Hey guys,
>> first of all, thanks for your greate guide!
>> I'm running PuppetDB which is a software running in a JVM. It supports
>> SSL crypted connections
>> and uses the JDK crypto provider
>> ). Can anybody of you recommend secure settings for PuppetDB/JDK in general?
> Is there anything that the recommendations in our paper do not reflect
> w.r.t. PuppetDB? I use it myself, it's pretty much just setting the
> proper JVM ciphersettings. If you use Java7-8 there should not be much
> of an issue.
> Ach mailing list
> Ach at lists.cert.at
More information about the Ach