Enable TLS 1.2 for Invoke-WebRequest (#510)

Azure · Nov 1, 2018 · e93e707 · e93e707
1 parent 645545a
commit e93e707
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/scripts/windows/setup/IotEdgeSecurityDaemon.ps1 b/scripts/windows/setup/IotEdgeSecurityDaemon.ps1
@@ -66,6 +66,18 @@ function Install-SecurityDaemon {
         return
     }
 
+    if (-not (Test-IotCore)) {
+        # `Invoke-WebRequest` may not use TLS 1.2 by default, depending on the specific release of Windows 10.
+        # This will be a problem if the release is downloaded from github.com since it only provides TLS 1.2.
+        # So enable TLS 1.2 in `[System.Net.ServicePointManager]::SecurityProtocol`, which enables it (in the current PS session)
+        # for `Invoke-WebRequest` and everything else that uses `System.Net.HttpWebRequest`
+        #
+        # This is not needed on IoT Core since its `Invoke-WebRequest` supports TLS 1.2 by default. It *can't* be done
+        # for IoT Core anyway because the `System.Net.ServicePointManager` type doesn't exist in its version of dotnet.
+        [System.Net.ServicePointManager]::SecurityProtocol =
+            [System.Net.ServicePointManager]::SecurityProtocol -bor [System.Net.SecurityProtocolType]::Tls12
+    }
+
     $usesSeparateDllForEventLogMessages = Get-SecurityDaemon
     Set-SystemPath
     Get-VcRuntime
@@ -146,7 +158,7 @@ function Test-IsDockerRunning {
         }
     } else {
         Write-Host "Docker is not running." -ForegroundColor "Red"
-        if ((Get-Item "HKLM:\Software\Microsoft\Windows NT\CurrentVersion").GetValue("EditionID") -eq "IoTUAP") {
+        if (Test-IotCore) {
             Write-Host ("Please visit https://docs.microsoft.com/en-us/azure/iot-edge/how-to-install-iot-core " +
                 "for assistance with installing Docker on IoT Core.") `
                 -ForegroundColor "Red"
@@ -364,7 +376,7 @@ function Reset-SystemPath {
 }
 
 function Get-VcRuntime {
-    if ((Get-Item "HKLM:\Software\Microsoft\Windows NT\CurrentVersion").GetValue("EditionID") -eq "IoTUAP") {
+    if (Test-IotCore) {
         Write-Host "Skipped vcruntime download on IoT Core." -ForegroundColor "Green"
         return
     }
@@ -647,5 +659,9 @@ function Invoke-Native {
     }
 }
 
+function Test-IotCore {
+    (Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion').'EditionID' -eq 'IoTUAP'
+}
+
 Export-ModuleMember -Function Install-SecurityDaemon, Uninstall-SecurityDaemon
 }