Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support changing cipher suites offered by Invoke-WebRequest and Invoke-RestMethod

See original GitHub issue

Invoke-WebRequest and Invoke-RestMethod are rather permissive compared to web browsers with respect to how the SSL/TLS connection is established. #4899 would provide support for user-defined certificate validation in Invoke-WebRequest and Invoke-RestMethod. That is an improvement but only affects part of the permissiveness. Another part is the cipher suites.

The cipher suites offered by Invoke-WebRequest and Invoke-RestMethod seem to be determined by system-wide registry key changes. The discussion in dotnet/corefx#21577 includes one example of why such a system-wide setting is problematic. Basically it means that in practice all .Net things on a single computer end up offering all cipher suites needed by any .Net thing that needs to run on that computer. The net result is lowest common denominator security with respect to cipher suites. dotnet/corefx#21577 would make the cipher suites configurable per connection. Once that is implemented, it would be great for that configurability to be exposed by Invoke-WebRequest and Invoke-RestMethod.

Issue Analytics

  • State:open
  • Created 6 years ago
  • Reactions:1
  • Comments:8 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
markekrauscommented, May 4, 2019

Looks like it still needs to be surfaced in HttpClient/HttpClientHandler. Also, I’m not a fan of implementing this if it’s not supported on all platforms and it is currently not supported on windows in SslStream. Might be something that could be managed as an experimental feature once available in HttpClient.

1reaction
iSazonovcommented, May 1, 2019

We can continue after moving to .Net Core 3.0.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Only 2 cipher suites are offered by Powershell Invoke- ...
I am performing a Invoke-WebRequest to a site using Powershell. And i'm facing error "Could not create SSL/TLS secure channel"
Read more >
Powershell Invoke-WebRequest Fails with SSL/TLS ...
The cause of the error is Powershell by default uses TLS 1.0 to connect to website, but website security requires TLS 1.2. You...
Read more >
Force the Invoke-RestMethod PowerShell cmdlet to use ...
I am using a mix of the TLS protocols supported, so that it falls back to earlier versions if not available. [Net.ServicePointManager]:: ...
Read more >
Could not create SSL/TLS secure channel. : r/PowerShell
Invoke -WebRequest : The request was aborted: Could not create SSL/TLS secure channel. While the first instinct for this error is that PowerShell ......
Read more >
Invoke-WebRequest : The underlying connection was closed ...
The Powershell service doesn't support negotiating to a stronger cipher suite? I'm amazed!!! It should support upgrading to stronger crypto ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Need mechanism to disable globbing

Next page

Add-Type ReadAllText perf improvement