Download command not support TLS 1.2?

makakin commented 2 years ago

Operating System Version: Windows 2016 Exchange and Ubuntu Logger
Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): ESXi
Vagrant Version (if applicable): N/A

While building the logger host, it hangs on the "Install Fleet" when running ansible.
While building the Exchange host, it hangs on the "Install .NET 4.7.1" when running ansible. After check, it seems the installer are unable to download due to the SSL issue, I am guessing the source web site are changed to require TLS 1.2 inorder to download the binary file.

Logger "ansible/roles/logger/tasks/main.yml"

name: Install Fleet

Always download the latest release of Fleet

curl -s https://api.github.com/repos/fleetdm/fleet/releases | grep 'browser_downloadurl' | grep 'fleet' | cut -d ':' -f 2,3 | tr -d '"' | tr -d ' ' | head -1 | xargs wget --no-check-certificate --progress=bar:force -O fleet.tar.gz curl -s https://api.github.com/repos/fleetdm/fleet/releases | grep 'browser_downloadurl' | grep 'fleetctl' | cut -d ':' -f 2,3 | tr -d '"' | tr -d ' ' | head -1 | xargs wget --no-check-certificate --progress=bar:force -O fleetctl.tar.gz mkdir -p fleet tar -xzf fleetctl.tar.gz -C fleet --strip-components 1 tar -xzf fleet.tar.gz -C fleet --strip-components 1 cp fleet/fleetctl /usr/local/bin/fleetctl && chmod +x /usr/local/bin/fleetctl cp fleet/fleet /usr/local/bin/fleet && chmod +x /usr/local/bin/fleet

Exchange "install-exchange-prerequisites.ps1" `# Install .NET 4.7.1 If (-not(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full").Release -le 461310) { Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing .NET 4.7.1..." $secondsPassed = 0 Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading .NET 4.7.1..." $ProgressPreference = 'SilentlyContinue'

Invoke-WebRequest -Uri "$dotNetInstallerUrl" -OutFile $dotNetInstallerPath
    Invoke-WebRequest -Uri "$cplusplusInstallerUrl" -OutFile $cplusplusInstallerPath
    Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Running .NET 4.7.1 installer..."
    . $dotNetInstallerPath /q /norestart /log $dotNetInstallLog -Wait
    while (-not(Test-Path $dotNetInstallLog)) {
        Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Waiting for the .NET install log to appear..."
        If ($secondsPassed -eq 0) {
            Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) This usually takes about a minute or so."
        }
        Start-Sleep -Seconds 10
        $secondsPassed += 10
    }`

clong commented 2 years ago

I think https://github.com/clong/DetectionLab/commit/81b3b329728294ac6b89d1571a0b10a8292d8b97 will fix #1

Unfortunately I no longer support the Exchange stuff 😔

https://twitter.com/DetectionLab/status/1477415227796832259

makakin commented 2 years ago

That’s a pity! Anyway, Thank you for your effort and sharing!

clong / DetectionLab

Download command not support TLS 1.2? #792

Always download the latest release of Fleet