It would be good to isolate where the problem is. You can check the PuppetDB side of things using curl with the additional cert flags discussed at [1]. Can you connect using tlsv1 like the example has? You can also change that last flag from --tlsv1 to --sslv3 to verify that sslv3 is not working after you made the change.
[1] - https://docs.puppetlabs.com/puppetdb/2.2/api/query/curl.html#using-curl-from-remote-hosts-sslhttps -Ryan On Sat, Oct 18, 2014 at 3:35 PM, Stella <[email protected]> wrote: > Hi guys, > > I got so many problems this weekend for my puppet 3.6.2 with dashboard and > puppetdb! > > On PuppetDashboard, I want to check facts for a host, but errro: > > Inventory > Could not retrieve facts from inventory service: SSL_connect returned=1 > errno=0 state=SSLv3 read server session ticket A: tlsv1 alert unknown ca > > Then I did two things, trying to fix: > 1. I followed instruction in this link and add ssl-protocols line to > puppetdb's jetty.ini file: > > http://puppetlabs.com/blog/impact-assessment-sslv3-vulnerability-poodle-attack > > #SSL protocols to use > ssl-protocols = TLSv1, TLSv1.1, TLSv1.2 > > 2. I followed instruction in this link to reinitialize my ssl setup by > running /usr/sbin/puppetdb ssl-setup -f > https://docs.puppetlabs.com/puppetdb/latest/puppetdb-faq.html > > But no luck. Still same problem. Any clue? > > Thanks a million!!! > > Stacey > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/d918a3bb-fe83-4a46-b19a-551687f7a43c%40googlegroups.com > <https://groups.google.com/d/msgid/puppet-users/d918a3bb-fe83-4a46-b19a-551687f7a43c%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAGDMwd3MfGM74Fkeg%3D9K5cGivNPGE85ueiQc5DgsPCA_0RRP%2Bw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
