{"id":18341,"date":"2020-04-09T11:04:17","date_gmt":"2020-04-09T19:04:17","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/powershell\/?p=18341"},"modified":"2022-04-21T12:06:40","modified_gmt":"2022-04-21T20:06:40","slug":"powershell-gallery-tls-support","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/powershell\/powershell-gallery-tls-support\/","title":{"rendered":"PowerShell Gallery TLS Support"},"content":{"rendered":"

Summary<\/span><\/h2>\n

To provide the best-in-class encryption to our customers, the PowerShell Gallery has deprecated Transport Layer Security (TLS) versions 1.0 and 1.1 as of April 2020.<\/p>\n

The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for TLS 1.0 and 1.1 in the PowerShell Gallery.<\/p>\n

For information about how to remove TLS 1.0 and 1.1 dependencies, see\u00a0the whitepaper Solving the TLS 1.0 problem<\/a>.<\/p>\n

More information<\/h2>\n

As of April 2020, TLS 1.2 is set to be the default for the PowerShell Gallery.<\/p>\n

Please note that TLS 1.0 and 1.1 was already unsupported, but the actual deprecation when PowerShell Gallery will now stop accepting any connections using TLS 1.0 and 1.1 has occurred.<\/p>\n

We recommend that all client-server combinations use TLS 1.2 (or a later version) to maintain connection to the PowerShell Gallery.<\/p>\n

Mitigation<\/h2>\n

To mitigate this chance we have released a minor update to PowerShellGet which will allow you to continue to interact with the PowerShell Gallery. To install this run:<\/p>\n

<\/code><\/p>\n

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 \r\nInstall-Module PowerShellGet -RequiredVersion 2.2.4 -SkipPublisherCheck<\/pre>\n
Note:<\/p>\n
This in this version of PowerShellGet when a call is made to the PowerShell Gallery, PowerShellGet will save the user’s current security protocol setting, then it it’ll change the security protocol to TLS 1.2 (by specifying [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12), after the action is taken by the cmdlet it will change the user’s security protocol back to what it was before the cmdlet was run.<\/p>\n
Errors I Might See<\/h2>\n
If you are running an older version of TLS and try to interact with the PowerShell Gallery you may see error messages like:<\/p>\n
Publishing<\/h3>\n
+ ...             Publish-PSArtifactUtility @PublishPSArtifactUtility_Param ...\r\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\r\n+ CategoryInfo          : InvalidOperation: (:) [Write-Error], WriteErrorException\r\n+ FullyQualifiedErrorId : FailedToCreateCompressedModule,Publish-PSArtifactUtility<\/pre>\n
Installing<\/h3>\n
+ ...            $null = PackageManagement\\Install-Package @PSBoundParameters + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ \r\n+ CategoryInfo : ResourceUnavailable: (C:\\Users\\T-Ncho...anagement.nupkg:String) [Install-Package], Exception \r\n+ FullyQualifiedErrorId : PackageFailedInstallOrDownload,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage<\/pre>\n
Concerns and Support<\/h2>\n
Please open an issue in\u00a0our GitHub repository<\/a>\u00a0or contact our gallery support channel through\u00a0cgadmin@microsoft.com<\/a>\u00a0if you have any concerns, challenges, or are unable to upgrade to TLS 1.2 or above.<\/p>\n
 <\/p>\n
Sydney Smith<\/p>\n
PowerShell Team<\/p>\n
 <\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Summary To provide the best-in-class encryption to our customers, the PowerShell Gallery has deprecated Transport Layer Security (TLS) versions 1.0 and 1.1 as of April 2020. The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for […]<\/p>\n","protected":false},"author":2299,"featured_media":13641,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[259,274],"class_list":["post-18341","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell","tag-powershell-gallery","tag-powershellget"],"acf":[],"blog_post_summary":"
Summary To provide the best-in-class encryption to our customers, the PowerShell Gallery has deprecated Transport Layer Security (TLS) versions 1.0 and 1.1 as of April 2020. The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, we are discontinuing support for […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/18341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/users\/2299"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/comments?post=18341"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/posts\/18341\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media\/13641"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/media?parent=18341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/categories?post=18341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/powershell\/wp-json\/wp\/v2\/tags?post=18341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}