Puppet Forge updates
Puppet Forge updates

Updated Forge TLS Config





We recently updated the TLS (HTTPS) configuration for the Forge website and API service. We have removed support for TLS versions 1.0 and 1.1. We have also removed support for various ciphers which are no longer considered secure.

Modern browsers and HTTPS clients should be unaffected by this change, however if you are using a very old browser or client library, you may need to upgrade in order to continue to access the Forge website or API service.

UPDATE 1 (9 July 2021): We have determined that versions of JRuby (and specifically, the bundled jruby-openssl gem) that are included with older releases of puppetserver do not support the new TLS configuration.

Specifically, users of puppetserver releases prior to 6.10.0 may experience errors similar to:

ERROR -> Received fatal alert: handshake_failure

when attempting to deploy environments with r10k.

To resolve this issue, you have two options:

Upgrade puppetserver to a version >= 6.10.0 (including any 7.x release), this is the recommended option


Run the command puppetserver gem install jruby-openssl as the appropriate user on any impacted systems to upgrade the jruby-openssl gem in place

If you have any questions or concerns, please email us at forge@puppet.com. Thank you.