Merge branch 'fix-ssl-protocols'

* fix-ssl-protocols:
  Add ssl_protocol param to puppetdb & puppetdb::server classes

Author: kbarber

README.md

@@ -216,6 +216,10 @@ If true, the puppetdb web server will only serve HTTP and not HTTPS requests (de
 
 If true, open the ssl_listen\_port on the firewall (defaults to true).
 
+####`ssl_protocols`
+
+specify the supported SSL protocols for PuppetDB (e.g. TLSv1, TLSv1.1, TLSv1.2.)
+
 ###`manage_dbserver`
 
 If true, the PostgreSQL server will be managed by this module (defaults to true).

manifests/init.pp

@@ -17,6 +17,7 @@
   $ssl_key                   = $puppetdb::params::ssl_key,
   $ssl_cert                  = $puppetdb::params::ssl_cert,
   $ssl_ca_cert               = $puppetdb::params::ssl_ca_cert,
+  $ssl_protocols             = $puppetdb::params::ssl_protocols,
   $manage_dbserver           = $puppetdb::params::manage_dbserver,
   $database                  = $puppetdb::params::database,
   $database_host             = $puppetdb::params::database_host,
@@ -74,6 +75,7 @@
     ssl_key                  => $ssl_key,
     ssl_cert                 => $ssl_cert,
     ssl_ca_cert              => $ssl_ca_cert,
+    ssl_protocols            => $ssl_protocols,
     database                 => $database,
     database_host            => $database_host,
     database_port            => $database_port,

manifests/server.pp

@@ -16,6 +16,7 @@
   $ssl_key                  = $puppetdb::params::ssl_key,
   $ssl_cert                 = $puppetdb::params::ssl_cert,
   $ssl_ca_cert              = $puppetdb::params::ssl_ca_cert,
+  $ssl_protocols            = $puppetdb::params::ssl_protocols,
   $database                 = $puppetdb::params::database,
   $database_host            = $puppetdb::params::database_host,
   $database_port            = $puppetdb::params::database_port,
@@ -193,6 +194,7 @@
     ssl_key_path       => $ssl_key_path,
     ssl_cert_path      => $ssl_cert_path,
     ssl_ca_cert_path   => $ssl_ca_cert_path,
+    ssl_protocols      => $ssl_protocols,
     disable_ssl        => $disable_ssl,
     confdir            => $confdir,
     max_threads        => $max_threads,