{WIP}(GH-458) .NET 4.5 / TLS v1.2 Support #459

ferventcoder
Member

So sorry Windows 2003. No Choco 0.9.11 for you.

Closes #458

Prior to being able to use TLS 1.2, it is required that choco be
upgraded to at least .NET 4.5. Upgrade each of the projects
@ferventcoder ferventcoder self-assigned this Oct 10, 2015
@ferventcoder
Member Author

If you build for .net 4.0, this is what you will get:
[image]

NuGet detected that some assemblies required that they be
reinstalled/retargeted to take advantage of the newer assembly
framework.

.NET doesn't have compiler conditionals for the different
versions of the .NET Frameworks, so it's not possible out of the
box to target different functionality based on the .NET versions.
Add a property group in a targets file based on
http://stackoverflow.com/a/29001688/18475 and ensure that both
chocolatey and chocolatey.console VS projects use those targets
files.

The .NET Framework supports TLS v1.2 as of version 4.5 -
http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx
but the security protocol is not set to use it out of the box.

Set the SecurityProtocol to start with the highest encryption available
and move down from there. If someone compiles choco with .NET 4.0, post
a warning about the encryption not being good enough.
@ferventcoder ferventcoder force-pushed the ticket/master/GH-458-tls-support branch from ae22e98 to 91e492c Compare October 11, 2015 00:53
@ferventcoder ferventcoder changed the title [WIP - DO NOT MERGE] .NET 4.5 / TLS v1.2 Support .NET 4.5 / TLS v1.2 Support Oct 11, 2015
Retarget ILMerge to .NET 4.5 reference assemblies.
@RichiCoder1
Member

I'm late to respond, but I'm all for jumping to 4.5 as a minimum. I think we moved to 4.5 with GUI already.

@ferventcoder ferventcoder changed the title .NET 4.5 / TLS v1.2 Support [WIP - DO NOT MERGE](GH-458) .NET 4.5 / TLS v1.2 Support Oct 16, 2015
@ferventcoder
Member Author

Looks like travis ci will need fixes.

@ferventcoder
Member Author

Note that when you switch back and forth from this PR, you must empty out build_output/code_drop or it will throw errors about a missing dependency at you during the build and ILMerge will fail.

@ferventcoder
Member Author

Also note that Mono doesn't yet support 4.5.2 at the time of this comment. Might bump back to 4.5.x

@ferventcoder ferventcoder changed the title [WIP - DO NOT MERGE](GH-458) .NET 4.5 / TLS v1.2 Support {WIP}(GH-458) .NET 4.5 / TLS v1.2 Support Apr 25, 2016
ferventcoder referenced this pull request Sep 2, 2016
The .NET Framework supports TLS v1.2 as of version 4.5 -
http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols(v=vs.110).aspx
but the security protocol is not set to use it out of the box.

Set the SecurityProtocol to start with the highest encryption available
and move down from there.

Choco is compiled on .NET 4.0, but .NET 4.5 is an in place upgrade,
which gives us access to set the proper security protocols by
converting the enumeration values directly into `SecurityProtocolType`.
This will fail when running on .NET 4.0, so fall back to using TLS,
then SSLv3 with a warning recommending folks upgrade to .NET 4.5 at
their earliest convenience.
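
The cast-and-fall-back approach described in the commit message above, as an added C# example; it is not Chocolatey's own code. The class and method names are assumptions, and this version falls back to TLS 1.0 only, leaving SSLv3 out.

```csharp
using System;
using System.Net;

public static class TlsSetup // hypothetical name, for illustration only
{
    // Numeric values of SecurityProtocolType members. Tls11 and Tls12 only
    // exist as named members from .NET 4.5, so code compiled against 4.0
    // has to spell them as integers and cast.
    private const int Tls10 = 192;
    private const int Tls11 = 768;
    private const int Tls12 = 3072;

    // Returns the protocol set that ended up configured.
    public static SecurityProtocolType Configure()
    {
        try
        {
            // Accepted when the installed runtime is 4.5 or later
            // (4.5 replaces 4.0 in place), even for a 4.0-targeted build.
            ServicePointManager.SecurityProtocol =
                (SecurityProtocolType)(Tls12 | Tls11 | Tls10);
        }
        catch (NotSupportedException)
        {
            // A real 4.0 runtime rejects the flags it does not know.
            ServicePointManager.SecurityProtocol = (SecurityProtocolType)Tls10;
            Console.Error.WriteLine(
                "WARNING: TLS 1.1/1.2 unavailable on this runtime; " +
                "using TLS 1.0. Install .NET Framework 4.5 or later.");
        }
        return ServicePointManager.SecurityProtocol;
    }

    public static void Main()
    {
        SecurityProtocolType active = Configure();
        bool hasTls12 = ((int)active & Tls12) == Tls12;
        Console.WriteLine("Enabled protocols: {0} (TLS 1.2: {1})", active, hasTls12);
    }
}
```

Logging the value returned by `Configure()` at startup shows which machines are still negotiating without TLS 1.2.
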
@ferventcoder
Member Author

I think we'll close this for now as the big reason for jumping was TLS v1.2 support - we have that in Chocolatey now. See #458 for the commits that went in to support this.

@stephengtuggy

Here's another reason for jumping to 4.5.2: 4.0, 4.5, and 4.5.1 are no longer supported (or patched) by Microsoft. https://support.microsoft.com/en-us/lifecycle/search?alpha=.net%20framework

This seems like a pretty big deal to me.

@ferventcoder
Member Author

ferventcoder commented Oct 10, 2016

@stephengtuggy 4.0 is the minimum supported version. You can be on a newer .Net 4.x with choco.exe and it supports TLS v1.2 if you have at least 4.5 installed. Does this make sense/adjust your understanding a bit?
