cChocoInstaller Use SSLv3 only for Powershell 5 or lower
Powershell 6 deprecates and removes SSLv3 from the list of supported
SecurityProtocolTypes. This results in the resource throwing an error
on versions 6 or higher.

Resolve the issue by only requesting Ssl3 on versions lower than 6 where
it is still supported.

Fixes: chocolatey#182
Relates to: chocolatey#173
Joseph Bauser committed Feb 23, 2024
1 parent f583fee commit 98da582
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions DSCResources/cChocoInstaller/cChocoInstaller.psm1
Expand Up @@ -155,11 +155,20 @@ function Get-FileDownload {
[ValidateNotNullOrEmpty()]
[string]$file
)

# Set security protocol preference to avoid the download error if the machine has disabled TLS 1.0 and SSLv3
# See: https://chocolatey.org/install (Installing With Restricted TLS section)
# Since cChoco requires at least PowerShell 4.0, we have .NET 4.5 available, so we can use [System.Net.SecurityProtocolType] enum values by name.
# Since cChoco requires at least PowerShell 4.0, we have .NET 4.5 available, so we can use
# [System.Net.SecurityProtocolType] enum values by name.
$securityProtocolSettingsOriginal = [System.Net.ServicePointManager]::SecurityProtocol
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 -bor [System.Net.SecurityProtocolType]::Tls11 -bor [System.Net.SecurityProtocolType]::Tls -bor [System.Net.SecurityProtocolType]::Ssl3

$tlsVersions = [enum]::GetValues('Net.SecurityProtocolType') | Where-Object { $_ -ge 'Tls' } # Include TLS versions by default
$tlsVersions.ForEach({[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $_})

# SSLv3 is deprecated in version 6+ so only enable it for earlier versions
if ($PSVersionTable.PSVersion.Major -lt 6) {
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor [System.Net.SecurityProtocolType]::Ssl3
}

Write-Verbose "Downloading $url to $file"
$downloader = new-object -TypeName System.Net.WebClient
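
Review bot: The `if ($PSVersionTable.PSVersion.Major -lt 6)` block near the end of the hunk still ORs `Ssl3` into `[System.Net.ServicePointManager]::SecurityProtocol` on PowerShell 4 and 5, although the comment at the top of the hunk says the goal is to keep the download working on machines that have disabled TLS 1.0 and SSLv3. Nothing in these lines needs SSLv3 for that, so consider dropping the `Ssl3` branch entirely rather than gating it on the version; that also removes the version check. Two smaller points: `Where-Object { $_ -ge 'Tls' }` depends on the numeric ordering of the enum and enables every member from `Tls` upward, including TLS 1.0 and 1.1, so a filter such as `$_ -ge 'Tls12'` with a short comment on why the comparison works would be tighter and easier to maintain. And since `ServicePointManager.SecurityProtocol` is a process-wide setting, please confirm that `$securityProtocolSettingsOriginal` is restored on the error path as well as on success; the restore is not visible in this hunk.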