To be clear, here's the full list of what's warned about (each of these gets logged six times in succession, which I've deduplicated for brevity *except for the last one* so you can see that there are different addresses being listed).
WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256 enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@4f27d2a8[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@5a789c49[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@6593530a[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@71baa8f5[provider=null,keyStore=null,trustStore=null] WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for InternalSslContextFactory@7beb914b[provider=null,keyStore=null,trustStore=null] On Monday, November 9, 2020 at 11:58:30 PM UTC-8 Dan Mahoney wrote: > All, > > This is probably nothing but I've searched the mailing lists and can't > find anything useful about this. We're running our puppetmaster under > FreeBSD at the day job (puppet 6.18), and we see errors like this on > puppetserver startup in the logs: > > WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite > TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled for > InternalSslContextFactory@7beb914b[provider=null,keyStore=null,trustStore=null] > WARN [async-dispatch-2] [o.e.j.u.s.S.config] Weak cipher suite > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA enabled for > InternalSslContextFactory@3900153c[provider=null,keyStore=null,trustStore=null] > > All in all, each warning is repeated several different times, and there's > probably seven or eight different ciphers. > > Java logging is...a mess, honestly, and it's pretty difficult to separate > signal from noise when you're trying to debug something. > > That said, I see release notes that something changed about weak ciphers > in 6.5, but we're not there yet. > > Is this something I should worry about, or just ignore? > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/b5ec5090-810b-4bbc-80b4-cab024b20722n%40googlegroups.com.
