Could not create SSL/TLS secure channel #21
Comments
|
Hi @PaulWalkerUK I did not see this issue on my machine so far. Here is my current config on Windows PowerShell 5.1 Here is my config on PSCore |
|
Hello, I did see the same issue and was going to suggest the same change. Name Value PSVersion 5.1.16299.666 Windows 10 |
|
This is what I have: So I'm guessing that my problem is because |
|
While PR #22 fixes the issue, the more I think about it, the more I'm not sure that it's the best solution as it's (potentially) changing the SecurityProtocol for the rest of the Powershell session, whether it's required or not. I've been doing some more reading on the issue, for example, here, here and here. They suggest that if you upgrade to .NET 4.7 then it should work. However, I am already on 4.7, so again, unless there's something 'wrong' with my machine (and maybe @patrick-ryan1's, etc), it suggests it's not quite that simple... I'm thinking it might be cleaner to just attempt to make the call without any changes to settings. If it works, then fine, there's no need to interfere. Only if it fails (and it fails quickly, so it won't be adding a noticeable delay), then make the change, try the call again, then set it back to how it was in the first place, so as not to make any changes for anything else. According to SSL Labs, This would mean adding some code to each What are your thoughts on this? Since it works OK for you, I'm OK with it if you think this is more likely an issue with my machine and that it shouldn't be up to this module to workaround it (in which case #22 should be removed) |
|
Thanks for the input @PaulWalkerUK
In other words:
Thoughts? (Hope it's clear, sorry for my english 🤢 ) |
|
I agree that doing the check on module import is a good idea. At what point are you thinking of making the change? I was thinking of doing doing it immediately before each API call then resetting it back again afterwards (so as not to leave anything changed for longer than necessary) - is this your thinking as well? |
|
Could something like this works ? Not sure if this create other issues... #Get public and private function definition files.
$Public = @(Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -ErrorAction SilentlyContinue)
$Private = @(Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -ErrorAction SilentlyContinue)
#Dot source the files
Foreach ($import in @($Public + $Private))
{
TRY
{
. $import.fullname
}
CATCH
{
Write-Error -Message "Failed to import function $($import.fullname): $_"
}
}
# Export all the functions
Export-ModuleMember -Function $Public.Basename -Alias *
# Set Powershell to use TLS v1.2 (minimum supported by SpaceX API)
#[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# LOGIC TO TEST THE SECURITY PROTOCOL
Try{
Get-SXAPI
}catch{
# Make all the SecurityProtocol available
$AllProtocols = [enum]::getvalues([System.Net.SecurityProtocolType])#[System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
} |
|
My problem with changing the setting during import is that it means the module has changed the setting for anything else that happens in the PowerShell session. If you look at I've added some example Pester tests in a demo branch - see commit PaulWalkerUK/SpaceX@87371c6. These changes (only a demo - I'm not suggesting they get used as they are 😄) check what the SecurityProtocol is before the module is loaded then tests are used after the module import and again after the API calls to verify the SecurityProtocol isn't changed. I think tests such as these should always pass, to verify that this module isn't making changes to the wider session. The tests will only work properly in a new PowerShell session I like your idea of checking during the import to see if the change is required, but if it is, then I think we need to change it before each API call then reset it again afterwards. |
|
Ok i see what you mean, I guess we won't have a choice, we'll need to revert back after each call. After searching a bit more, I see PSCore can do the following, but we can't assume people will just use PSCore Invoke-RestMethod -Method POST -Body $Body -Uri $URI -SslProtocol Tls12 |
|
I've added a new commit to my demo branch PaulWalkerUK/SpaceX@f9a83cd. During the module import, it makes a call to This works on my machine and allows my Pester tests to pass. It should work for you because the initial call during module import will succeed, so the flag won't be set therefore your (This is only proof-of-concept code 😉) |
|
In commit PaulWalkerUK/SpaceX@fce98b6, I added the code to Instead of that, in commit PaulWalkerUK/SpaceX@a71e722, I extracted the boiler plate code out into a new private function (This is only proof-of-concept code...) What do you think? I'm happy to work this up into a proper PR if you're happy with the approach |
|
Ah yep i like the approach, sound good to me. Thanks Paul! |
When importing this module and first trying any of the functions, I get:
To resolve this, I have to run this first (taken from https://stackoverflow.com/a/41618979/69698):
Once I've done that, it works fine for the rest of the session. I don't know if this is something particular to my machine/setup?
The text was updated successfully, but these errors were encountered: