Invoke-WebRequest SSL fails?

走了就别回头了 2020-12-02 19:00

When I try to use Invoke-WebRequest I'm getting some weird error:

Invoke-WebRequest -Uri "https://idp.safenames.com/"

Invoke-WebRequest : Th         


        
4 answers
  • 2020-12-02 19:04

    As BaconBits notes, .NET version > 4.5 uses SSLv3 and TLS 1.0 by default.

    You can change this behavior by setting the SecurityProtocol policy with the ServicePointManager class:

    PS C:\> $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
    PS C:\> [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
    PS C:\> (Invoke-WebRequest -Uri "https://idp.safenames.com/").StatusCode
    200
    

    This will apply to all requests in the AppDomain (so it only applies to the current instance of the host application).


    There's a module on GitHub and in PSGallery that can manage these settings now:

    Install-Module BetterTls -Scope CurrentUser
    Import-Module BetterTls
    Enable-Tls -Tls11 -Tls12
    
  • 2020-12-02 19:15

    One line:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

  • 2020-12-02 19:23

    Based on this scan, it doesn't look like that URI supports anything lower than TLS 1.1.

    What version of Windows are you on? If you're on PowerShell v4.0 or lower, you're not going to be able to negotiate a TLS 1.1 or 1.2 connection because the .Net Framework doesn't support TLS 1.1 or 1.2 until .Net Framework 4.5. PowerShell v4.0 is .Net 4.0. That means the underlying System.Net.WebRequest classes can't negotiate a connection. I believe PowerShell v5.0 is .Net 4.5 or .Net 4.6, but I don't have a Win 10 client to check the $PSVersionTable right now.

    You may be able to get it to work by coding the calls to WebRequest manually and specifying the protocol as [System.Net.SecurityProtocolType]::Tls12 or [System.Net.SecurityProtocolType]::Tls11, but I'm not sure if that's possible. That's supposed to work if .Net 4.5 is installed from what I'm seeing, but, again, I've never tried it.

    For reference, I get the exact same results as you on Windows 7 x64/Powershell v4.0 and I've got .Net 4.5 installed, but I've never tried manually coding the WebRequest. I also get an error if I use wget for Windows 1.11.4 from here (OpenSSL 0.9.8b, well before TLS 1.1 and 1.2), but it works just fine if I use wget for Windows 1.17.1 from here (current, more or less).

  • 2020-12-02 19:23

    This can be permanently changed as well

    # set strong cryptography on 32 bit .Net Framework (version 4 and above)
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
    # set strong cryptography on 64 bit .Net Framework (version 4 and above)
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord 
    
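The settings discussed in the answers above, as an added example that is not part of the original thread: it reports the `SchUseStrongCrypto` values and the session's `SecurityProtocol`, then adds TLS 1.2 for the current process while clearing SSLv3 and TLS 1.0 instead of listing them as the first answer does. The function names are hypothetical, and it assumes Windows PowerShell on .NET Framework 4.5 or later.

```powershell
# Added example; function names are hypothetical.
# Assumes Windows PowerShell on .NET Framework 4.5+ (Tls12 must exist in the enum).
$LegacyBits = [int][Net.SecurityProtocolType]'Ssl3,Tls'   # SSLv3 and TLS 1.0

function Get-DotNetTlsPosture {
    # Registry paths and value name are the ones given in the last answer above.
    $keys = [ordered]@{
        '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319'
        '64-bit' = 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319'
    }
    foreach ($k in $keys.GetEnumerator()) {
        # $null when the key or the value is absent (e.g. no Wow6432Node on 32-bit Windows).
        $p = Get-ItemProperty -Path $k.Value -Name 'SchUseStrongCrypto' -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Scope = "Registry, $($k.Key) .NET"
            Value = if ($null -ne $p) { $p.SchUseStrongCrypto } else { 'not set' }
            Ok    = ($null -ne $p -and $p.SchUseStrongCrypto -eq 1)
        }
    }
    # Per-process setting that the one-line answers change.
    $current = [Net.ServicePointManager]::SecurityProtocol
    [pscustomobject]@{
        Scope = 'Session, ServicePointManager'
        Value = "$current"
        # Ok here means neither SSLv3 nor TLS 1.0 is enabled for this session.
        Ok    = (([int]$current -band $LegacyBits) -eq 0)
    }
}

function Enable-SessionTls12 {
    # Add TLS 1.2 to whatever is enabled, then clear SSLv3 and TLS 1.0.
    # Affects the current process only, like the one-line answer.
    $bits = [int][Net.ServicePointManager]::SecurityProtocol -bor [int][Net.SecurityProtocolType]::Tls12
    $bits = $bits -band (-bnot $LegacyBits)
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]$bits
}

Get-DotNetTlsPosture | Format-Table -AutoSize   # before
Enable-SessionTls12
Get-DotNetTlsPosture | Format-Table -AutoSize   # after: session row shows Tls12, no Ssl3/Tls
```

The registry rows only change after the `Set-ItemProperty` commands from the last answer are run from an elevated prompt and a new PowerShell process is started.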