Chef Server 12.11.0 Released

Chef Release Announcements
1

Ohai Chefs,

Today we’ve released Chef 12.11.0. This release contains 3 new API endpoints that make it easier to have your Chef Server proxy data-collector and compliance profile requests to an upstream server while still using Chef Server’s request authentication mechanism.

As always, see the RELEASE_NOTES[0] and CHANGELOG[1] for full details.

Sincerly,

Steven Danna
Software Engineer, Chef

[0] https://github.com/chef/chef-server/blob/12.11.0/RELEASE_NOTES.md
[1] https://github.com/chef/chef-server/blob/12.11.0/CHANGELOG.md

2

Important addendum that affects both this release and 12.10.0:

if you are running Push Server 1.1 this upgrade will remove an SSL protocol from Chef Server that is still required by Push Server versions prior to 2.1. Prior to upgrading - or to resolve this issue if you have already upgraded - please edit /etc/opscode/chef-server.rb on your Chef Server node and add the following:

nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
nginx['ssl_ciphers'] = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"

Finally, run chef-server-ctl reconfigure on that node to pick up the changes.

This will reinstate the older version of both the ciphers and the SSL protocols.

We apologize for this regression and will work to avoid similar problems in the future.