Improvement
We recently updated the TLS (HTTPS) configuration for the Forge website and API service. We have removed support for TLS versions 1.0 and 1.1. We have also removed support for various ciphers which are no longer considered secure.
Modern browsers and HTTPS clients should be unaffected by this change, however if you are using a very old browser or client library, you may need to upgrade in order to continue to access the Forge website or API service.
UPDATE 1 (9 July 2021): We have determined that versions of JRuby (and specifically, the bundled jruby-openssl gem) that are included with older releases of puppetserver do not support the new TLS configuration.
Specifically, users of puppetserver releases prior to 6.10.0 may experience errors similar to:
ERROR -> Received fatal alert: handshake_failure
when attempting to deploy environments with r10k.
To resolve this issue, you have two options:
Upgrade
puppetserverto a version >= 6.10.0 (including any 7.x release), this is the recommended option
OR
Run the command
puppetserver gem install jruby-opensslas the appropriate user on any impacted systems to upgrade thejruby-opensslgem in place
If you have any questions or concerns, please email us at forge@puppet.com. Thank you.