PowerShell Gallery TLS Support

This post was originally published on this site

Summary

To provide the best-in-class encryption to our customers, the PowerShell Gallery has deprecated Transport Layer Security (TLS) versions 1.0 and 1.1 as of April 2020.

The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for TLS 1.0 and 1.1 in the PowerShell Gallery.

For information about how to remove TLS 1.0 and 1.1 dependencies, see the whitepaper Solving the TLS 1.0 problem.

More information

As of April 2020, TLS 1.2 is set to be the default for the PowerShell Gallery.

Please note that TLS 1.0 and 1.1 was already unsupported, but the actual deprecation when PowerShell Gallery will now stop accepting any connections using TLS 1.0 and 1.1 has occurred.

We recommend that all client-server combinations use TLS 1.2 (or a later version) to maintain connection to the PowerShell Gallery.

Work Around

In your PowerShell session run:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Note: This will not permanently update your TLS but will allow you to interact with the PowerShell Gallery during this session.

Errors I Might See

If you are running an older version of TLS and try to interact with the PowerShell Gallery you may see error messages like:

Publishing

+ ...             Publish-PSArtifactUtility @PublishPSArtifactUtility_Param ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : FailedToCreateCompressedModule,Publish-PSArtifactUtility

Installing

+ ...            $null = PackageManagementInstall-Package @PSBoundParameters + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
+ CategoryInfo : ResourceUnavailable: (C:UsersT-Ncho...anagement.nupkg:String) [Install-Package], Exception 
+ FullyQualifiedErrorId : PackageFailedInstallOrDownload,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage

Concerns and Support

Please open an issue in our GitHub repository or contact our gallery support channel through cgadmin@microsoft.com if you have any concerns, challenges, or are unable to upgrade to TLS 1.2 or above.

 

Sydney Smith

PowerShell Team

 

 

The post PowerShell Gallery TLS Support appeared first on PowerShell.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.