Allow SecurityProtocol to be specified for a repo #21
Conversation
A parameter (securityprotocols) has been added to the psrepository type which will accept a list of security protocols that the repository will accept, the list can contain any values can be specified for the ServicePointManager.SecurityProtocol Property (see https://docs.microsoft.com/en-us/dotnet/api/system.net.servicepointmanager.securityprotocol) e.g. psrepository { 'psrepo': ensure => present, source_location => 'https://local.repo.domain/', installation_policy => 'trusted', securityprotocols => [ TLS11, TLS12 ] } This is to resolve an SSL connection issue that can occur if the PowerShell repository enforces the use of a specific TLS version, but the Windows client has a default protocol version that is lower.
|
Hi @palintir, sorry for the delayed response. Thinking about this would it make sense to just set TLS 1,2 and 3 support by default for all commands - that way we aren't reliant on the psrepository being in the catalog for the package commands to work. What do you think? |
|
@hbuckle I was initially going to do this but I was concerned that it might cause issues for others, so I decided to make it user controllable, but I have no objections to doing it this way if that's what you suggest. |
|
The only issue I can think of would be if you wanted to prevent connections to TLS1.0 or TLS 1.1 repos. |
A parameter (securityprotocols) has been added to the psrepository type
which will accept a list of security protocols that the repository will
accept, the list can contain any values can be specified for the
ServicePointManager.SecurityProtocol Property (see
https://docs.microsoft.com/en-us/dotnet/api/system.net.servicepointmanager.securityprotocol)
e.g.
This is to resolve an SSL connection issue that can occur if the
PowerShell repository enforces the use of a specific TLS version, but
the Windows client has a default protocol version that is lower.