Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cChoco resource to install Chocolatey does not work in powershell 7.4.1 due to Ssl3 presumption #182

Open
5 tasks done
coderjoe opened this issue Feb 8, 2024 · 1 comment · May be fixed by #183
Open
5 tasks done
Labels

Comments

@coderjoe
Copy link

coderjoe commented Feb 8, 2024

Checklist

  • I have verified this is the correct repository for opening this issue.
  • I have verified no other issues exist related to my problem.
  • I have verified this is not an issue for a specific package.
  • I have verified this issue is not security related.
  • I confirm I am using official, and not unofficial, or modified, Chocolatey products.

What You Are Seeing?

When attempting to install chocolatey using the cChocoInstaller resource and the cChoco package version 2.6.0 in pwsh 7.4.1 the resource fails with the following error:

Resource [InstallChoco] 'Set' error: Exception setting "SecurityProtocol": "The requested security protocol is not supported."

What is Expected?

The resource should run as expected.

How Did You Get This To Happen?

  1. I created the DSC script at the end of this list.
  2. I tried to run the DSC script
  3. I received the error

The relevant DSC configuration:

Configuration CreateDscConfiguration
{
  Import-DscResource -ModuleName cChoco -ModuleVersion 2.6.0.0  # See: https://github.com/chocolatey/cChoco
  
  Node localhost
  {
    cChocoInstaller InstallChoco {
      InstallDir = "C:\ProgramData\chocolatey"
    }
  }
}

System Details

  • Operating System: Windows Server 2019 Datacenter
  • Windows PowerShell version: pwsh 7.4.1
  • Chocolatey CLI Version: -na- install is failing
  • Chocolatey Licensed Extension version: -na-
  • Chocolatey License type: -na-
  • Terminal/Emulator: pwsh.exe

Installed Packages

-na- chocolatey is not yet installed

Output Log

-na- the chocolatey cli isn't able to be installed

Additional Context

Please note that this is different from the existing issue #173 as we are not trying to use DSCv3. We're just using Powershell 7.4.1 with DSCv2. All of our legacy DSC scripts so far work, but this error is preventing our cChoco installation.

I believe the problem to be related to this line in the cChocoInstaller resource which presumes that Ssl3 is available. It was deprecated and attempting to run that line in powershell 7.4.1 produces the error expected.

It will likely have to look up the current running Powershell version and only use Ssl3 in the correct version similar to this change in chocolatey itself: chocolatey/choco#1623

@coderjoe coderjoe added the Bug label Feb 8, 2024
@coderjoe
Copy link
Author

coderjoe commented Feb 8, 2024

It appears this problem happens all the way back in Powershell 6 due to the SSLv3 deprecation/removal. I'm going to take a stab at a PR since this is affecting many of our scripts.

coderjoe pushed a commit to coderjoe/cChoco that referenced this issue Feb 8, 2024
Powershell 6 deprecates and removes SSLv3 from the list of supported
SecurityProtocolTypes. This resultes in the resource throwing an error
on versions 6 or higher.

Resolve the issue by only requesting Ssl3 on versions lower than 6 where
it is still supported.

Fixes: chocolatey#182
Relates to: chocolatey#173
coderjoe pushed a commit to coderjoe/cChoco that referenced this issue Feb 23, 2024
Powershell 6 deprecates and removes SSLv3 from the list of supported
SecurityProtocolTypes. This resultes in the resource throwing an error
on versions 6 or higher.

Resolve the issue by only requesting Ssl3 on versions lower than 6 where
it is still supported.

Fixes: chocolatey#182
Relates to: chocolatey#173
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant