CiscoCX / CiscoTacFirstResponder-Anyconnect

Cisco TAC First Responder script for Anyconnect. The hosted scripts streamline generation and transmission of diagnostic (DART) bundles from a user's computer to Cisco TAC.
MIT License

SSL/TLS Error when running the script on Windows Server #1

Open msharma24 opened 2 years ago

msharma24 commented 2 years ago

Issue: When running the script in Windows PowerShell, the user gets an SSL/TLS error.

Script

$CxdToken = '4XXXXXmXgXXXX'
$CxdUsername = 'XXXXXXXX'
Invoke-Expression -Command ((Invoke-WebRequest -uri "https://raw.githubusercontent.com/CiscoCX/CiscoTacFirstResponder-Anyconnect/main/anyconnect-windows.ps1" -UseBasicParsing).Content)

Output

Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
At line:3 char:30
+ ...  -Command ((Invoke-WebRequest -uri "https://raw.githubusercontent.com ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Cause: Windows PowerShell uses TLS 1.0 by default and the GitHub website uses TLS 1.2 and TLS 1.2. TLS 1.0 is long gone: https://www.cdn77.com/tls-test/result?domain=https%3A%2F%2Fgithub.com

In order to fix the issue, the user must enable TLS 1.2 and 1.3 on the CLI before running the script:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Ssl3
[Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3"
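
Added example, not part of the original issue or of the Cisco project's code: the two lines above also switch on SSL 3.0, TLS 1.0 and TLS 1.1 for the whole PowerShell process, so this sketch lists the legacy protocols in a setting and runs a download with TLS 1.2 only, restoring the previous value afterwards. It assumes Windows PowerShell 5.1 on .NET Framework; the function names Get-LegacyProtocol and Invoke-WithTls12 are hypothetical.

```powershell
# Added example (hypothetical helper names), for Windows PowerShell 5.1.

# Return the names of the legacy protocols contained in a SecurityProtocol value.
function Get-LegacyProtocol {
    param(
        [Net.SecurityProtocolType]$Value = [Net.ServicePointManager]::SecurityProtocol
    )
    foreach ($name in 'Ssl3', 'Tls', 'Tls11') {
        $flag = [Net.SecurityProtocolType]$name
        # Ssl3 spans two bits, so require every bit of the flag to be set.
        if (($Value -band $flag) -eq $flag) { $name }
    }
}

# Run a script block with TLS 1.2 as the only enabled protocol, then put the
# process-wide setting back so later requests are not silently affected.
function Invoke-WithTls12 {
    param([Parameter(Mandatory = $true)][scriptblock]$Action)
    $previous = [Net.ServicePointManager]::SecurityProtocol
    try {
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        & $Action
    }
    finally {
        [Net.ServicePointManager]::SecurityProtocol = $previous
    }
}

# The value the workaround above assigns, checked for legacy protocols.
$workaround = [Net.SecurityProtocolType]'Tls, Tls11, Tls12, Ssl3'
"Legacy protocols enabled by the workaround: $((Get-LegacyProtocol $workaround) -join ', ')"

# Offline check: inside the wrapper only TLS 1.2 is enabled.
$inside = Invoke-WithTls12 { [Net.ServicePointManager]::SecurityProtocol }
"Protocol inside the wrapper: $inside"
"Legacy protocols inside the wrapper: $(@(Get-LegacyProtocol $inside).Count)"

# Usage with the command from the issue (needs network access, so left commented):
# $CxdToken = '<token>'; $CxdUsername = '<username>'   # placeholders
# Invoke-WithTls12 {
#     Invoke-Expression -Command ((Invoke-WebRequest -Uri "https://raw.githubusercontent.com/CiscoCX/CiscoTacFirstResponder-Anyconnect/main/anyconnect-windows.ps1" -UseBasicParsing).Content)
# }
```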