Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cChocoInstaller - Use SSLv3 only for powershell 5 or lower versions #183

Open
wants to merge 1 commit into
base: development
Choose a base branch
from
Open

cChocoInstaller - Use SSLv3 only for powershell 5 or lower versions #183

wants to merge 1 commit into from

Conversation

coderjoe
Copy link

@coderjoe coderjoe commented Feb 8, 2024

Description Of Changes

Update the cChocoInstaller to only use SSLv3 for versions lower than Powershell 6

Motivation and Context

SSLv3 was deprecated and removed in Powershell 6+ resulting in the resource throwing an error:
Exception setting "SecurityProtocol": "The requested security protocol is not supported."

Omitting SSLv3 resolved this issue in Powershell 6 and 7 for my use cases.

Testing

  1. Manually tested in Powershell 7.4.1 and Powershell 5 on Windows Server 2019 Datacenter

Operating Systems Testing

  • Windows Server 2019 Datacenter

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • All new and existing tests passed?
  • PowerShell code changes: PowerShell v2 compatibility checked?

Related Issue

Relates to #182 and possibly #173
Fixes #182

@coderjoe
Copy link
Author

coderjoe commented Feb 8, 2024
edited
Loading

I'd like to add tests for this, but I believe this would require different appveyor setups using different powershell versions (5 or less, 6, and 7). It was not clear to me how to test across multiple powershell versions. I'm happy to update if I could get some guidance on how best to get that done.

@Gijsreyn
Copy link

Would love to see this Pull request get in. I'm facing the same issue, especially now I'm trying out the Guest Configuration.

@Gijsreyn
Copy link

@coderjoe just tested out your change locally.

You've to add the $securityProtocolSettingsOriginal = [System.Net.ServicePointManager]::SecurityProtocol to keep the original. Otherwise it throws an error :)

@coderjoe
Copy link
Author

What a silly thing to miss. Thank you very much for the test @Gijsreyn! Had some local upstaged changes that somehow got missed in the first commit. I'll have to re-test Monday to make sure there isn't anything else I've missed. 👍

cChocoInstaller Use SSLv3 only for Powershell 5 or lower
98da582 
Powershell 6 deprecates and removes SSLv3 from the list of supported
SecurityProtocolTypes. This resultes in the resource throwing an error
on versions 6 or higher.

Resolve the issue by only requesting Ssl3 on versions lower than 6 where
it is still supported.

Fixes: chocolatey#182
Relates to: chocolatey#173
@coderjoe coderjoe force-pushed the bug/skip.ssl3.for.powershell.6plus branch from 5eec933 to 98da582 Compare February 23, 2024 21:55
@Gijsreyn
Copy link

@coderjoe No worries champ. Was already glad you had an open pull request here with the fix :)

@czechdude
Copy link

Why does it take so long to merge? I would like to use it in Azure Policies Guest Configuration as well, but becasue of this, it is not possible.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

cChoco resource to install Chocolatey does not work in powershell 7.4.1 due to Ssl3 presumption
3 participants
@coderjoe @Gijsreyn @czechdude