From 98da5829625bdc28364cd9b447c94230dd2279dc Mon Sep 17 00:00:00 2001
From: Joseph Bauser
Date: Thu, 8 Feb 2024 14:38:47 -0500
Subject: [PATCH] cChocoInstaller Use SSLv3 only for Powershell 5 or lower Powershell 6 deprecates and removes SSLv3 from the list of supported SecurityProtocolTypes. This resultes in the resource throwing an error on versions 6 or higher. Resolve the issue by only requesting Ssl3 on versions lower than 6 where it is still supported. Fixes: #182 Relates to: #173
---
DSCResources/cChocoInstaller/cChocoInstaller.psm1 | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/DSCResources/cChocoInstaller/cChocoInstaller.psm1 b/DSCResources/cChocoInstaller/cChocoInstaller.psm1
index a6c89b2..8e13c48 100644
--- a/DSCResources/cChocoInstaller/cChocoInstaller.psm1
+++ b/DSCResources/cChocoInstaller/cChocoInstaller.psm1
@@ -155,11 +155,20 @@ function Get-FileDownload { [ValidateNotNullOrEmpty()] [string]$file ) + # Set security protocol preference to avoid the download error if the machine has disabled TLS 1.0 and SSLv3 # See: https://chocolatey.org/install (Installing With Restricted TLS section) - # Since cChoco requires at least PowerShell 4.0, we have .NET 4.5 available, so we can use [System.Net.SecurityProtocolType] enum values by name. + # Since cChoco requires at least PowerShell 4.0, we have .NET 4.5 available, so we can use + # [System.Net.SecurityProtocolType] enum values by name. $securityProtocolSettingsOriginal = [System.Net.ServicePointManager]::SecurityProtocol - [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 -bor [System.Net.SecurityProtocolType]::Tls11 -bor [System.Net.SecurityProtocolType]::Tls -bor [System.Net.SecurityProtocolType]::Ssl3 + + $tlsVersions = [enum]::GetValues('Net.SecurityProtocolType') | Where-Object { $_ -ge 'Tls' } # Include TLS versions by default + $tlsVersions.ForEach({[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $_}) + + # SSLv3 is deprecated in version 6+ so only enable it for earlier versions + if ($PSVersionTable.PSVersion.Major -lt 6) { + [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor [System.Net.SecurityProtocolType]::Ssl3 + } Write-Verbose "Downloading $url to $file" $downloader = new-object -TypeName System.Net.WebClient
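Review bot: The protocol set built in Get-FileDownload still offers SSLv3 (on PowerShell below 6) and TLS 1.0/1.1, because the `Where-Object { $_ -ge 'Tls' }` filter admits every enum value from `Tls` upward and the new `if` block ORs in `Ssl3`. The comment above it says the aim is to keep the download working on machines that have disabled TLS 1.0 and SSLv3, which only requires adding the newer protocols; keeping the legacy ones enabled lets the WebClient download negotiate a protocol with known weaknesses whenever the remote end accepts it. Consider narrowing the filter to `Where-Object { $_ -ge 'Tls12' }` and dropping the `Ssl3` branch entirely. ServicePointManager.SecurityProtocol is a process-wide setting and the function body continues past the hunk, so it is worth confirming that `$securityProtocolSettingsOriginal` is restored in a `finally` block.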