From e3521776f5c737207bd0930dc174b3e490479b26 Mon Sep 17 00:00:00 2001
From: Jordan Borean
Date: Fri, 13 Jul 2018 13:38:24 +1000
Subject: [PATCH] win_chocolatey: add TLSv1.2 support for install phase (#41992)
---
 .../fragments/win_chocoalatey_install_tls12.yml | 2 ++
 lib/ansible/modules/windows/win_chocolatey.ps1 | 11 ++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/win_chocoalatey_install_tls12.yml
diff --git a/changelogs/fragments/win_chocoalatey_install_tls12.yml b/changelogs/fragments/win_chocoalatey_install_tls12.yml
new file mode 100644
index 0000000000..39d96008ea
--- /dev/null
+++ b/changelogs/fragments/win_chocoalatey_install_tls12.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- win_chocolatey - enable TLSv1.2 support when downloading the Chocolatey installer https://github.com/ansible/ansible/issues/41906
diff --git a/lib/ansible/modules/windows/win_chocolatey.ps1 b/lib/ansible/modules/windows/win_chocolatey.ps1
index c2a4ecbd77..abbf2fdc1a 100644
--- a/lib/ansible/modules/windows/win_chocolatey.ps1
+++ b/lib/ansible/modules/windows/win_chocolatey.ps1
@@ -48,8 +48,17 @@ Function Chocolatey-Install-Upgrade
 $ChocoAlreadyInstalled = Get-Command -Name "choco.exe" -ErrorAction SilentlyContinue
 if ($ChocoAlreadyInstalled -eq $null) {
+ # We need to install chocolatey
+ # Enable TLS1.1/TLS1.2 if they're available but disabled (eg. .NET 4.5)
+ $security_protcols = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::SystemDefault
+ if ([Net.SecurityProtocolType].GetMember("Tls11").Count -gt 0) {
+ $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls11
+ }
+ if ([Net.SecurityProtocolType].GetMember("Tls12").Count -gt 0) {
+ $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls12
+ }
+ [Net.ServicePointManager]::SecurityProtocol = $security_protcols
- #We need to install chocolatey
 $wc = New-Object System.Net.WebClient;
 if ($proxy_url) {
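Review bot: The protocol mask is only ever widened in this hunk: `$security_protcols` starts from the current `[Net.ServicePointManager]::SecurityProtocol` and ORs in Tls11/Tls12, so any legacy protocol the process already allowed (SSL3/TLS 1.0 on older .NET defaults) stays negotiable for the installer download, and the final assignment is process-wide rather than scoped to this one request. Because what is fetched is an installer, that trade-off deserves a line in the code, e.g. `# Additive only: SSL3/TLS1.0 stay enabled if the process default had them; this affects every later request in the process`, or the legacy bits could be masked out when Tls12 is present. `[Net.SecurityProtocolType]::SystemDefault` is also read without the `GetMember` guard used for Tls11/Tls12; as far as I know that member only exists from .NET 4.7, so on the .NET 4.5 hosts the comment mentions it would probably resolve to `$null` (harmless under `-bor`, but an error under strict mode), and guarding or dropping it would be consistent. The body of Chocolatey-Install-Upgrade continues past the hunk, so how the downloaded content is used is not visible here.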