pkjaer / tridion-powershell-modules

Windows PowerShell module allowing management of SDL Tridion (Content Management System) from the command line
13 stars 14 forks source link

TLS 1.2 support #48

Open jhorsman opened 5 years ago

jhorsman commented 5 years ago

Problem: After a Windows update the Tridion-CoreService module does not work anymore over SSL.

A Windows Server update (I think released in October 2018) forces us to use TLS 1.2 on the SDL Web Core Service when using SSL.

When connecting using SSL with the Tridion-CoreService module I get an error message like this:

Exception calling "GetCurrentUser" with "0" argument(s): "An error occurred while making the HTTP request to https://hostname/webservices/CoreService201501.svc/basicHttp. This could be due to the fact that the server certificat
e is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security b
inding between the client and the server."
At C:\Program Files\WindowsPowerShell\Modules\Tridion-CoreService\2.4.2\Trustees.psm1:14 char:9
+     return $Client.GetCurrentUser();
+            ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CommunicationException

After some experimentation I found that setting System.Net.ServicePointManager.SecurityProtocol to TLS 1.2 does the trick. Apparently now we need explictly set this.

It works with this sample code.

Import-Module Tridion-CoreService -Verbose:$false
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
Set-TridionCoreServiceSettings -HostName "hostname" -Credential (Get-Credential) -ConnectionType Basic-SSL -CredentialType Default -Version Web-8.5
Get-TridionUser -Current

Proposed Solution: Can we have this line of code in the Tridion-CoreService modules?

Alternatively this line of code works as well, but I am not sure if the server will actually allow to use any other protocol than TLS 1.2

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls, [System.Net.SecurityProtocolType]::Tls11, [System.Net.SecurityProtocolType]::Tls12, [System.Net.SecurityProtocolType]::Ssl3;