[Ach] Recommendation for PuppetDB / JDK

Akendo akendo at akendo.eu
Tue Jan 20 20:34:19 CET 2015

You should not have this services (puppet master/ puppetdb ) expose
directly. use a webservice like nginx/apache to proxy this. There you
can harden the SSL/TLS option.

best regards

On 11/21/2014 02:47 PM, Aaron Zauner wrote:
> Hi Tim
> Tim wrote:
>> Hey guys,
>> first of all, thanks for your greate guide!
>> I'm running PuppetDB which is a software running in a JVM. It supports
>> SSL crypted connections
>> (https://docs.puppetlabs.com/puppetdb/latest/configure.html#cipher-suites)
>> and uses the JDK crypto provider
>> (https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites
>> ). Can anybody of you recommend secure settings for PuppetDB/JDK in general?
> Is there anything that the recommendations in our paper do not reflect
> w.r.t. PuppetDB? I use it myself, it's pretty much just setting the
> proper JVM ciphersettings. If you use Java7-8 there should not be much
> of an issue.
> Aaron
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

More information about the Ach mailing list