Closed LLIAMAH closed 1 month ago
Hi @jimmylewis ! Is there any chance of seeing this bug fixed ? It impacts all people who are forced to use old TLS version for various reasons. Unfortunately in some work environments, software upgrades are not easily done. Thanks 👍
Hi @jimmylewis ! Is there any chance of seeing this bug fixed ? It impacts all people who are forced to use old TLS version for various reasons. Unfortunately in some work environments, software upgrades are not easily done. Thanks 👍
FYI: I've created my own libman visual studio extension package and replaced it on mine system ;). Hardcoded required TLS and got the result.
@LLIAMAH great job ! Why don't you submit it in a pull request 😊
@LLIAMAH great job ! Why don't you submit it in a pull request 😊
Cause it has hardcoded inset for few private cases only. It would be nice to have something like select list to choose required TLS cert in the GUI menu or CLI command, but GUI part didn't loaded properly in my designer view :(.
I'm thinking that this could be done as a setting e.g. do something like libman config --set forcetls12=true
. This way it would only apply to users that need it, and it's an explicit step to configure (it wouldn't happen by accident).
One issue however is that using ServicePointManager.SecurityProtocol
configures the setting for the current application - meaning it could be the libman CLI, or msbuild, or Visual Studio. The latter two make this a non-starter; we can't (shouldn't) just change the security settings for those processes.
@LLIAMAH does it work if you add
httpMessageHandler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
after line 61 instead? Since I can't reproduce the problem, I can't tell if this would resolve it, but I'm trying to limit the impact to only the libman web requests.
@LLIAMAH I made a draft PR that I think implements this so it addresses my concerns. Can you give it a try and see if it solves the problem for you?
To force TLS 1.2, you need to use the libman CLI to do libman config --set forcetls12=true
. It should then work in any host (CLI/msbuild/VS) with a private build from my PR branch. You can turn it off (revert to default behavior) by doing libman config --set forcetls12=
@LLIAMAH does it work if you add
httpMessageHandler.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
after line 61 instead? Since I can't reproduce the problem, I can't tell if this would resolve it, but I'm trying to limit the impact to only the libman web requests.
Yes. Exactly this one line. But please don't forget to reflect same option in GUI part, too.
The GUI will respect the setting, but the only way to configure libman settings like this for now is to use the CLI to set or unset the value. Implementing a GUI for editing settings would need to be a separate feature.
Describe the bug
Some time ago I got the problem: https://github.com/aspnet/LibraryManager/issues/699 After some actions I received required libs and all was OK, but - in one time I have to add NEW one lib and was surprised that received same error.![image](https://github.com/aspnet/LibraryManager/assets/4736499/e8e1f253-4249-4fbe-9ef6-497dba04b2a4)
I'll checked another libs:
To Reproduce
Steps to reproduce the behavior:
I'm using Visual Studio 2022 latest RELEASED version Win10 Pro latest updates and TLS settings:
libman --version: 2.1.175+29a28921bd.RR
totally clean cache of the libman
Create new Asp.net project and try to get some libs - for me it is enough to reproduce problem.
Expected behavior
Additional context
I started to investigate and TADAM! Problem in security certificates AGAIN! So it is from minor-middle bug, should increase priority and fixed in result, I guess. I don't know why forced set options to TLS 1.2 doesn't work anymore (this helped in past) - may be after installing latest Win10 updates. But in current moment I could take NEW libs ONLY via libman Debug + dependent VS opened solution with this row.
I downloaded libman codes, started it and found that:
I UNDERLINE: that ALL 3 problems of the
are WORKED FINE for me if Row#59 exists. So would be nice to have option to force switching it on.