Skip to content

Instantly share code, notes, and snippets.

@scrthq

scrthq/PowerShellGet-PackageManagement-Force_TLS_1.2.ps1

Last active April 14, 2020 08:21
Show Gist options
  • Save scrthq/ee0151d2e865d51b20f9be5a1f1ed910 to your computer and use it in GitHub Desktop.
Save scrthq/ee0151d2e865d51b20f9be5a1f1ed910 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
PowerShellGet-PackageManagement-Force_TLS_1.2.ps1
<#
Some proxy commands to add to your profile to force the following functions/cmdlets
to use TLS 1.2 without changing the SecurityProtocol for your entire session:
- Update-Module
- Install-Module
- Install-PackageProvider
Context: https://twitter.com/Steve_MSFT/status/1248396676017995779
Sample usage:
- Add to $PROFILE.AllUsersAllHosts so that anything running Windows PowerShell on
the host will not fail due to not meeting security requirements, e.g. initial
server configuration during a bootstrapping with configuration management
- Add to your CI pipeline scripts to ensure that dependency installation doesn't
fall flat without first changing your scripts, while also preventing issues with
legacy API calls that aren't TLS 1.2 compatible yet.
#>
function global:Update-Module {
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium', HelpUri = 'https://go.microsoft.com/fwlink/?LinkID=398576')]
param(
[Parameter(Position = 0, ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[string[]]
${Name},
[Parameter(ValueFromPipelineByPropertyName = $true)]
[ValidateNotNull()]
[string]
${RequiredVersion},
[Parameter(ValueFromPipelineByPropertyName = $true)]
[ValidateNotNull()]
[string]
${MaximumVersion},
[Parameter(ValueFromPipelineByPropertyName = $true)]
[pscredential]
[System.Management.Automation.CredentialAttribute()]
${Credential},
[ValidateSet('CurrentUser', 'AllUsers')]
[string]
${Scope},
[Parameter(ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[uri]
${Proxy},
[Parameter(ValueFromPipelineByPropertyName = $true)]
[pscredential]
[System.Management.Automation.CredentialAttribute()]
${ProxyCredential},
[switch]
${Force},
[switch]
${AllowPrerelease},
[switch]
${AcceptLicense},
[switch]
${PassThru})
begin {
try {
$outBuffer = $null
if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
$PSBoundParameters['OutBuffer'] = 1
}
$wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('PowerShellGet\Update-Module', [System.Management.Automation.CommandTypes]::Function)
$current = [Net.ServicePointManager]::SecurityProtocol
Write-Host -ForegroundColor Cyan "Forcing TLS 1.2 for $($wrappedCmd.Name)! Current SecurityProtocolType is $([Net.ServicePointManager]::SecurityProtocol)"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$scriptCmd = { & $wrappedCmd @PSBoundParameters }
$steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
$steppablePipeline.Begin($PSCmdlet)
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
}
process {
try {
$steppablePipeline.Process($_)
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
}
end {
try {
$steppablePipeline.End()
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
finally {
[Net.ServicePointManager]::SecurityProtocol = $current
}
}
<#
.ForwardHelpTargetName Update-Module
.ForwardHelpCategory Function
#>
}
function global:Install-Module {
[CmdletBinding(DefaultParameterSetName = 'NameParameterSet', SupportsShouldProcess = $true, ConfirmImpact = 'Medium', HelpUri = 'https://go.microsoft.com/fwlink/?LinkID=398573')]
param(
[Parameter(ParameterSetName = 'NameParameterSet', Mandatory = $true, Position = 0, ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[string[]]
${Name},
[Parameter(ParameterSetName = 'InputObject', Mandatory = $true, Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)]
[ValidateNotNull()]
[psobject[]]
${InputObject},
[Parameter(ParameterSetName = 'NameParameterSet', ValueFromPipelineByPropertyName = $true)]
[ValidateNotNull()]
[string]
${MinimumVersion},
[Parameter(ParameterSetName = 'NameParameterSet', ValueFromPipelineByPropertyName = $true)]
[ValidateNotNull()]
[string]
${MaximumVersion},
[Parameter(ParameterSetName = 'NameParameterSet', ValueFromPipelineByPropertyName = $true)]
[ValidateNotNull()]
[string]
${RequiredVersion},
[Parameter(ParameterSetName = 'NameParameterSet')]
[ValidateNotNullOrEmpty()]
[string[]]
${Repository},
[Parameter(ValueFromPipelineByPropertyName = $true)]
[pscredential]
[System.Management.Automation.CredentialAttribute()]
${Credential},
[ValidateSet('CurrentUser', 'AllUsers')]
[string]
${Scope},
[Parameter(ValueFromPipelineByPropertyName = $true)]
[ValidateNotNullOrEmpty()]
[uri]
${Proxy},
[Parameter(ValueFromPipelineByPropertyName = $true)]
[pscredential]
[System.Management.Automation.CredentialAttribute()]
${ProxyCredential},
[switch]
${AllowClobber},
[switch]
${SkipPublisherCheck},
[switch]
${Force},
[Parameter(ParameterSetName = 'NameParameterSet')]
[switch]
${AllowPrerelease},
[switch]
${AcceptLicense},
[switch]
${PassThru})
begin {
try {
$outBuffer = $null
if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
$PSBoundParameters['OutBuffer'] = 1
}
$wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('PowerShellGet\Install-Module', [System.Management.Automation.CommandTypes]::Function)
$current = [Net.ServicePointManager]::SecurityProtocol
Write-Host -ForegroundColor Cyan "Forcing TLS 1.2 for $($wrappedCmd.Name)! Current SecurityProtocolType is $([Net.ServicePointManager]::SecurityProtocol)"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$scriptCmd = { & $wrappedCmd @PSBoundParameters }
$steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
$steppablePipeline.Begin($PSCmdlet)
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
}
process {
try {
$steppablePipeline.Process($_)
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
}
end {
try {
$steppablePipeline.End()
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
finally {
[Net.ServicePointManager]::SecurityProtocol = $current
}
}
<#
.ForwardHelpTargetName Install-Module
.ForwardHelpCategory Function
#>
}
function global:Install-PackageProvider {
[CmdletBinding(DefaultParameterSetName = 'PackageBySearch', SupportsShouldProcess = $true, ConfirmImpact = 'Medium', HelpUri = 'https://go.microsoft.com/fwlink/?LinkId=626941')]
param(
[Parameter(ParameterSetName = 'PackageBySearch', Mandatory = $true, Position = 0)]
[string[]]
${Name},
[Parameter(ParameterSetName = 'PackageBySearch')]
[string]
${RequiredVersion},
[Parameter(ParameterSetName = 'PackageBySearch')]
[string]
${MinimumVersion},
[Parameter(ParameterSetName = 'PackageBySearch')]
[string]
${MaximumVersion},
[Parameter(ParameterSetName = 'PackageBySearch')]
[pscredential]
${Credential},
[Parameter(ParameterSetName = 'PackageBySearch')]
[Parameter(ParameterSetName = 'PackageByInputObject')]
[ValidateSet('CurrentUser', 'AllUsers')]
[string]
${Scope},
[Parameter(ParameterSetName = 'PackageBySearch', ValueFromPipelineByPropertyName = $true)]
[string[]]
${Source},
[Parameter(ParameterSetName = 'PackageByInputObject', Mandatory = $true, Position = 0, ValueFromPipeline = $true)]
[object[]]
${InputObject},
[ValidateNotNull()]
[uri]
${Proxy},
[ValidateNotNull()]
[pscredential]
${ProxyCredential},
[switch]
${AllVersions},
[switch]
${Force},
[switch]
${ForceBootstrap})
dynamicparam {
try {
$targetCmd = $ExecutionContext.InvokeCommand.GetCommand('PackageManagement\Install-PackageProvider', [System.Management.Automation.CommandTypes]::Cmdlet, $PSBoundParameters)
$dynamicParams = @($targetCmd.Parameters.GetEnumerator() | Microsoft.PowerShell.Core\Where-Object { $_.Value.IsDynamic })
if ($dynamicParams.Length -gt 0) {
$paramDictionary = [Management.Automation.RuntimeDefinedParameterDictionary]::new()
foreach ($param in $dynamicParams) {
$param = $param.Value
if (-not $MyInvocation.MyCommand.Parameters.ContainsKey($param.Name)) {
$dynParam = [Management.Automation.RuntimeDefinedParameter]::new($param.Name, $param.ParameterType, $param.Attributes)
$paramDictionary.Add($param.Name, $dynParam)
}
}
return $paramDictionary
}
}
catch {
throw
}
}
begin {
try {
$outBuffer = $null
if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
$PSBoundParameters['OutBuffer'] = 1
}
$wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('PackageManagement\Install-PackageProvider', [System.Management.Automation.CommandTypes]::Cmdlet)
$current = [Net.ServicePointManager]::SecurityProtocol
Write-Host -ForegroundColor Cyan "Forcing TLS 1.2 for $($wrappedCmd.Name)! Current SecurityProtocolType is $([Net.ServicePointManager]::SecurityProtocol)"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$scriptCmd = { & $wrappedCmd @PSBoundParameters }
$steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
$steppablePipeline.Begin($PSCmdlet)
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
}
process {
try {
$steppablePipeline.Process($_)
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
}
end {
try {
$steppablePipeline.End()
}
catch {
[Net.ServicePointManager]::SecurityProtocol = $current
throw $_
}
finally {
[Net.ServicePointManager]::SecurityProtocol = $current
}
}
<#
.ForwardHelpTargetName PackageManagement\Install-PackageProvider
.ForwardHelpCategory Cmdlet
#>
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment