Pau*_*bra 5 powershell ssl windows-server-2012-r2
我已经提供了一个新的Server 2012框来进行设置.
我正在尝试使用powershell来安装chocolatey
iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
并得到错误
Exception calling "DownloadString" with "1" argument(s): "The underlying connection was closed: An unexpected error
occurred on a receive."
At line:1 char:1
+ iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/in ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
我可以在浏览器中访问该URL.
起初我认为这与Chocolatey有关,但后来我才意识到这一点
(New-Object System.Net.WebClient).DownloadString('http://google.com'))
可以下载HTML内容
但
((New-Object System.Net.WebClient).DownloadString('https://google.com'))
失败并出现同样的错误
The underlying connection was closed: An unexpected error occurred on a receive.
盒子:
我确信我做的事情很傻但看不出来......
---更新---
基于这个答案
我按照以下步骤操作:
```1.在"控制面板"中,单击"管理工具",然后双击"本地安全策略".
2.在"本地安全设置"中,展开"本地策略",然后单击"安全选项".
3.在右窗格中的"策略"下,双击"系统加密:使用符合FIPS的算法进行加密,散列和签名",然后单击"已启用".
之后,可以下载巧克力安装脚本,但随后失败:
STDOUT: FIPS Mode detected - run 'choco feature enable -n useFipsCompliantChecksums'
to use Chocolatey.
When FIPS Mode is enabled, Chocolatey requires useFipsCompliantChecksums feature also be enabled.
STDERR:
---- End output of C:\ProgramData\chocolatey/bin/choco.exe list -l -r ----
Ran C:\ProgramData\chocolatey/bin/choco.exe list -l -r returned 1
仍然觉得GPO改变不应该是必要的
Pau*_*bra 10
事实证明,这是因为我们的服务器映像中禁用了TLS 1.0以符合PCI DSS 3.1.
回滚对图像的更改解决了PowerShell问题.
在短期内我们可以运行
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12在使用之前System.Net.WebClient,我想找到一种在机器级别强制实施的方法......
我用Chocolatey记录了这个,他们解决了这个问题\ o /
| 归档时间: |
|
| 查看次数: |
2459 次 |
| 最近记录: |