#643

Use "[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072"
aaronparker · Mar 20, 2024 · 0174e37 · 0174e37
1 parent 46ee734
commit 0174e37
Show file tree

Hide file tree

Showing 8 changed files with 22 additions and 46 deletions.
diff --git a/.github/workflows/test-main.yml b/.github/workflows/test-main.yml
@@ -89,7 +89,7 @@ jobs:
   #       shell: pwsh
   #       working-directory: "${{ github.workspace }}"
   #       run: |
-  #         [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+  #         [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
   #         Install-PackageProvider -Name "NuGet" -MinimumVersion "2.8.5.208" -Force -ErrorAction "SilentlyContinue"
   #         Install-PackageProvider -Name "PowerShellGet" -MinimumVersion "2.2.5" -Force -ErrorAction "SilentlyContinue"
   #         Set-PSRepository -Name "PSGallery" -InstallationPolicy "Trusted" -ErrorAction "SilentlyContinue"
@@ -105,7 +105,7 @@ jobs:
   #       shell: pwsh
   #       working-directory: "${{ github.workspace }}"
   #       run: |
-  #         [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+  #         [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
   #         Install-PackageProvider -Name "NuGet" -MinimumVersion "2.8.5.208" -Force -ErrorAction "SilentlyContinue"
   #         Install-PackageProvider -Name "PowerShellGet" -MinimumVersion "2.2.5" -Force -ErrorAction "SilentlyContinue"
   #         Set-PSRepository -Name "PSGallery" -InstallationPolicy "Trusted" -ErrorAction "SilentlyContinue"

diff --git a/Evergreen/Private/Invoke-EvergreenRestMethod.ps1 b/Evergreen/Private/Invoke-EvergreenRestMethod.ps1
@@ -67,18 +67,12 @@ public class TrustAllCertsPolicy : ICertificatePolicy {
     }
 }
 "@
-        Write-Verbose -Message "$($MyInvocation.MyCommand): Settings Net.SecurityProtocolType to $SslProtocol."
+        Write-Verbose -Message "$($MyInvocation.MyCommand): Trust all certificates."
         [System.Net.ServicePointManager]::CertificatePolicy = New-Object -TypeName "TrustAllCertsPolicy"
     }
 
     # Use TLS for connections
-    if (($SslProtocol.IsPresent) -and -not(Test-PSCore)) {
-        if ($SslProtocol -eq "Tls13") {
-            $SslProtocol = "Tls12"
-            Write-Warning -Message "$($MyInvocation.MyCommand): Defaulting back to TLS1.2."
-        }
-        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::$SslProtocol
-    }
+    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
 
     #region Build the Invoke-RestMethod parameters
     $params = @{

diff --git a/Evergreen/Private/Invoke-EvergreenWebRequest.ps1 b/Evergreen/Private/Invoke-EvergreenWebRequest.ps1
@@ -66,18 +66,12 @@ public class TrustAllCertsPolicy : ICertificatePolicy {
     }
 }
 "@
+        Write-Verbose -Message "$($MyInvocation.MyCommand): Trust all certificates."        
         [System.Net.ServicePointManager]::CertificatePolicy = New-Object -TypeName "TrustAllCertsPolicy"
     }
 
     # Use TLS for connections
-    if ($PSBoundParameters.ContainsKey("SslProtocol") -and -not(Test-PSCore)) {
-        if ($SslProtocol -eq "Tls13") {
-            $SslProtocol = "Tls12"
-            Write-Warning -Message "$($MyInvocation.MyCommand): Defaulting back to TLS1.2."
-        }
-        Write-Verbose -Message "$($MyInvocation.MyCommand): Settings Net.SecurityProtocolType to $SslProtocol."
-        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::$SslProtocol
-    }
+    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
 
     # Build the Invoke-WebRequest parameters
     $params = @{

diff --git a/Evergreen/Private/Save-File.ps1 b/Evergreen/Private/Save-File.ps1
@@ -26,8 +26,7 @@
             $params.SslProtocol = "Tls12"
         }
         else {
-            $SslProtocol = "Tls12"
-            [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::$SslProtocol
+            [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
         }
         Invoke-WebRequest @params
     }

diff --git a/Evergreen/Public/Save-EvergreenApp.ps1 b/Evergreen/Public/Save-EvergreenApp.ps1
@@ -87,7 +87,7 @@ Function Save-EvergreenApp {
         #endregion
 
         # Enable TLS 1.2
-        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+        [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
     }
 
     process {

diff --git a/Evergreen/Shared/Get-GitHubRepoRelease.ps1 b/Evergreen/Shared/Get-GitHubRepoRelease.ps1
@@ -55,9 +55,8 @@ function Get-GitHubRepoRelease {
             try {
                 # Retrieve the releases from the GitHub API
                 # Use TLS for connections
-                $SslProtocol = "Tls12"
-                Write-Verbose -Message "$($MyInvocation.MyCommand): Set TLS to $SslProtocol."
-                [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::$SslProtocol
+                Write-Verbose -Message "$($MyInvocation.MyCommand): Set TLS to 1.2."
+                [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
 
                 # Invoke the GitHub releases REST API
                 # Note that the API performs rate limiting.

diff --git a/ci/GitHub.ps1 b/ci/GitHub.ps1
@@ -8,8 +8,7 @@
 param ()
 
 try {
-    $SslProtocol = "Tls12"
-    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::$SslProtocol
+    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
     $params = @{
         ContentType        = "application/vnd.github.v3+json"
         ErrorAction        = "SilentlyContinue"

diff --git a/scripts/Test-RestMethod.ps1 b/scripts/Test-RestMethod.ps1
@@ -1,25 +1,16 @@
 
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-
+[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
 $Uri = "https://api.github.com/repos/git-for-windows/git1/releases/latest"
 $tempFile = New-TemporaryFile
 
-try {
-    $params = @{
-        Uri             = $Uri
-        Method          = "Get"
-        ContentType     = "application/vnd.github.v3+json"
-        UserAgent       = [Microsoft.PowerShell.Commands.PSUserAgent]::Chrome
-        UseBasicParsing = $true
-        PassThru        = $true
-        OutFile         = $tempFile
-    }
-    $response = Invoke-RestMethod @params
-}
-catch {
-    Write-Warning -Message "$($MyInvocation.MyCommand): REST API call to [$Uri] failed with: $($_.Exception.Response.StatusCode)."
-    Throw $_
-    Break
+$params = @{
+    Uri             = $Uri
+    Method          = "Get"
+    ContentType     = "application/vnd.github.v3+json"
+    UserAgent       = [Microsoft.PowerShell.Commands.PSUserAgent]::Chrome
+    UseBasicParsing = $true
+    PassThru        = $true
+    OutFile         = $tempFile
+    ErrorAction     = "Stop"
 }
-
-$response
+Invoke-RestMethod @params