Add enforcement of TLS1.2

CHANGELOG.md

@@ -1,4 +1,7 @@
 # Changelog
+### 2.2.4
+- Enforce a security protocol of TLS 1.2 when interacting with online repositories (#598)
+
 ### 2.2.3
 
 - Update `HelpInfoUri` to point to the latest content (#560)

src/PowerShellGet/PowerShellGet.psd1

@@ -1,6 +1,6 @@
 @{
     RootModule        = 'PSModule.psm1'
-    ModuleVersion     = '2.2.3'
+    ModuleVersion     = '2.2.4'
     GUID              = '1d73a601-4a6c-43c5-ba3f-619b18bbb404'
     Author            = 'Microsoft Corporation'
     CompanyName       = 'Microsoft Corporation'

src/PowerShellGet/public/psgetfunctions/Find-Module.ps1

@@ -90,6 +90,10 @@ function Find-Module {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential
     }
 
@@ -158,12 +162,13 @@ function Find-Module {
                 else {
                     $psgetItemInfo
                 }
-            } elseif ($PSBoundParameters['Name'] -and -not (Test-WildcardPattern -Name ($Name | Microsoft.PowerShell.Core\Where-Object { $psgetItemInfo.Name -like $_ }))) {
+            }
+            elseif ($PSBoundParameters['Name'] -and -not (Test-WildcardPattern -Name ($Name | Microsoft.PowerShell.Core\Where-Object { $psgetItemInfo.Name -like $_ }))) {
                 $message = $LocalizedData.MatchInvalidType -f ($psgetItemInfo.Name, $psgetItemInfo.Type, $script:PSArtifactTypeModule)
                 Write-Error -Message $message `
-                            -ErrorId 'MatchInvalidType' `
-                            -Category InvalidArgument `
-                            -TargetObject $Name
+                    -ErrorId 'MatchInvalidType' `
+                    -Category InvalidArgument `
+                    -TargetObject $Name
             }
 
             if ($psgetItemInfo -and
@@ -181,4 +186,9 @@ function Find-Module {
             Log-ArtifactNotFoundInPSGallery -SearchedName $Name -FoundName $modulesFoundInPSGallery -operationName 'PSGET_FIND_MODULE'
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Find-Script.ps1

@@ -80,6 +80,10 @@ function Find-Script {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential
     }
 
@@ -166,12 +170,13 @@ function Find-Script {
                 else {
                     $psgetItemInfo
                 }
-            } elseif ($PSBoundParameters['Name'] -and -not (Test-WildcardPattern -Name ($Name | Microsoft.PowerShell.Core\Where-Object { $psgetItemInfo.Name -like $_ }))) {
+            }
+            elseif ($PSBoundParameters['Name'] -and -not (Test-WildcardPattern -Name ($Name | Microsoft.PowerShell.Core\Where-Object { $psgetItemInfo.Name -like $_ }))) {
                 $message = $LocalizedData.MatchInvalidType -f ($psgetItemInfo.Name, $psgetItemInfo.Type, $script:PSArtifactTypeScript)
                 Write-Error -Message $message `
-                            -ErrorId 'MatchInvalidType' `
-                            -Category InvalidArgument `
-                            -TargetObject $Name
+                    -ErrorId 'MatchInvalidType' `
+                    -Category InvalidArgument `
+                    -TargetObject $Name
             }
 
             if ($psgetItemInfo -and
@@ -188,4 +193,9 @@ function Find-Script {
             Log-ArtifactNotFoundInPSGallery -SearchedName $Name -FoundName $scriptsFoundInPSGallery -operationName PSGET_FIND_SCRIPT
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Install-Module.ps1

@@ -91,6 +91,10 @@ function Install-Module {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         if ($Scope -eq "AllUsers" -and -not (Test-RunningAsElevated)) {
             # Throw an error when Install-Module is used as a non-admin user and '-Scope AllUsers'
             $message = $LocalizedData.InstallModuleAdminPrivilegeRequiredForAllUsersScope -f @($script:programFilesModulesPath, $script:MyDocumentsModulesPath)
@@ -269,4 +273,9 @@ function Install-Module {
             }
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Install-Script.ps1

@@ -87,6 +87,10 @@ function Install-Script {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         if ($Scope -eq "AllUsers" -and -not (Test-RunningAsElevated)) {
             # Throw an error when Install-Script is used as a non-admin user and '-Scope AllUsers'
             $message = $LocalizedData.InstallScriptAdminPrivilegeRequiredForAllUsersScope -f @($script:ProgramFilesScriptsPath, $script:MyDocumentsScriptsPath)
@@ -318,4 +322,9 @@ function Install-Script {
             }
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Publish-Module.ps1

@@ -89,6 +89,10 @@ function Publish-Module {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         if ($LicenseUri -and -not (Test-WebUri -uri $LicenseUri)) {
             $message = $LocalizedData.InvalidWebUri -f ($LicenseUri, "LicenseUri")
             ThrowError -ExceptionName "System.ArgumentException" `
@@ -214,7 +218,7 @@ function Publish-Module {
 
             # Find the module to be published locally, search by name and RequiredVersion
             $module = Microsoft.PowerShell.Core\Get-Module -ListAvailable -Name $Name -Verbose:$false |
-                Microsoft.PowerShell.Core\Where-Object {
+            Microsoft.PowerShell.Core\Where-Object {
                 $modInfoPrerelease = $null
                 if ($_.PrivateData -and
                     $_.PrivateData.GetType().ToString() -eq "System.Collections.Hashtable" -and
@@ -377,7 +381,7 @@ function Publish-Module {
         # Copy-Item -Recurse -Force includes hidden items like .git directories, which we don't want
         # This finds all the items without force (leaving out hidden files and dirs) then copies them
         Microsoft.PowerShell.Management\Get-ChildItem $Path -recurse |
-            Microsoft.PowerShell.Management\Copy-Item -Force -Confirm:$false -WhatIf:$false -Destination {
+        Microsoft.PowerShell.Management\Copy-Item -Force -Confirm:$false -WhatIf:$false -Destination {
             if ($_.PSIsContainer) {
                 Join-Path $tempModulePathForFormatVersion $_.Parent.FullName.substring($path.length)
             }
@@ -458,8 +462,8 @@ function Publish-Module {
             # Check if the specified module name is already used for a script on the specified repository
             # Use Find-Script to check if that name is already used as scriptname
             $scriptPSGetItemInfo = Find-Script @FindParameters |
-                Microsoft.PowerShell.Core\Where-Object {$_.Name -eq $moduleName} |
-                Microsoft.PowerShell.Utility\Select-Object -Last 1 -ErrorAction Ignore
+            Microsoft.PowerShell.Core\Where-Object { $_.Name -eq $moduleName } |
+            Microsoft.PowerShell.Utility\Select-Object -Last 1 -ErrorAction Ignore
             if ($scriptPSGetItemInfo) {
                 $message = $LocalizedData.SpecifiedNameIsAlearyUsed -f ($moduleName, $Repository, 'Find-Script')
                 ThrowError -ExceptionName "System.InvalidOperationException" `
@@ -472,8 +476,8 @@ function Publish-Module {
 
             $null = $FindParameters.Remove('Tag')
             $currentPSGetItemInfo = Find-Module @FindParameters |
-                Microsoft.PowerShell.Core\Where-Object {$_.Name -eq $moduleInfo.Name} |
-                Microsoft.PowerShell.Utility\Select-Object -Last 1 -ErrorAction Ignore
+            Microsoft.PowerShell.Core\Where-Object { $_.Name -eq $moduleInfo.Name } |
+            Microsoft.PowerShell.Utility\Select-Object -Last 1 -ErrorAction Ignore
 
             if ($currentPSGetItemInfo) {
                 $result = ValidateAndGet-VersionPrereleaseStrings -Version $currentPSGetItemInfo.Version -CallerPSCmdlet $PSCmdlet
@@ -580,4 +584,9 @@ function Publish-Module {
             Microsoft.PowerShell.Management\Remove-Item $tempModulePath -Force -Recurse -ErrorAction Ignore -WarningAction SilentlyContinue -Confirm:$false -WhatIf:$false
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Publish-Script.ps1

@@ -43,6 +43,10 @@ function Publish-Script {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -BootstrapNuGetExe -Force:$Force
     }
 
@@ -336,4 +340,9 @@ function Publish-Script {
             Microsoft.PowerShell.Management\Remove-Item $tempScriptPath -Force -Recurse -ErrorAction Ignore -WarningAction SilentlyContinue -Confirm:$false -WhatIf:$false
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Save-Module.ps1

@@ -114,6 +114,10 @@ function Save-Module {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential
 
         # Module names already tried in the current pipeline for InputObject parameterset
@@ -252,4 +256,9 @@ function Save-Module {
             }
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Save-Script.ps1

@@ -116,6 +116,10 @@ function Save-Script {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential
 
         # Script names already tried in the current pipeline for InputObject parameterset
@@ -258,4 +262,9 @@ function Save-Script {
             }
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Update-Module.ps1

@@ -58,6 +58,10 @@ function Update-Module {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential
 
         if ($Scope -eq "AllUsers" -and -not (Test-RunningAsElevated)) {
@@ -169,4 +173,9 @@ function Update-Module {
             }
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }

src/PowerShellGet/public/psgetfunctions/Update-Script.ps1

@@ -53,6 +53,10 @@ function Update-Script {
     )
 
     Begin {
+        # Change security protocol to TLS 1.2
+        $script:securityProtocol = [Net.ServicePointManager]::SecurityProtocol
+        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
         Install-NuGetClientBinaries -CallerPSCmdlet $PSCmdlet -Proxy $Proxy -ProxyCredential $ProxyCredential
 
         # Script names already tried in the current pipeline
@@ -176,4 +180,9 @@ function Update-Script {
             }
         }
     }
+
+    End {
+        # Change back to user specified security protocol
+        [Net.ServicePointManager]::SecurityProtocol = $script:securityProtocol
+    }
 }