Unable to connect after removing SSLv3/TLSv1 ciphers from vRA Appliance #130

Closed
pezhore opened this Issue Apr 21, 2017 · 1 comment

pezhore commented Apr 21, 2017

Steps to reproduce

Follow VMware hardening guide (PDF), pp. 29-34 - disabling SSLv3/TLSv1 (weak ciphers).

Attempt to connect via Connect-vRAServer -Server vra.mydomain.local -Credential $credential -IgnoreCertRequirements or Connect-vRAServer -Server vra.mydomain.local -Credential $credential

Expected behavior

Connection established to the specified vRA server.

Actual behavior

Invoke-WebRequest fails with the following error:

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
At R:\My Documents\WindowsPowerShell\Modules\PowervRA\2.1.0\Functions\Public\Connect-vRAServer.ps1:142 char:21
+         $Response = Invoke-RestMethod @Params
+                     ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Environment data

> $PSVersionTable
Name                           Value
----                           -----
PSVersion                      5.1.14409.1005
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14409.1005
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
> $vRAConnection

pezhore commented Apr 21, 2017

It appears that this is related to the default security protocols in PowerShell:

R:\Source\PS-Snow-Wrapper [master ≡]> [System.Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls

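The workaround is to enable TLSv1.2 for the current session:

# Protocols to allow for this session: the two defaults shown above plus Tls12
$SecurityProtocols = @(
    [System.Net.SecurityProtocolType]::Ssl3,
    [System.Net.SecurityProtocolType]::Tls,
    [System.Net.SecurityProtocolType]::Tls12
)

# The comma-joined names are converted to the SecurityProtocolType flags enum on assignment
[System.Net.ServicePointManager]::SecurityProtocol = $SecurityProtocols -join ","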
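
Added example, not part of the original comment and not PowervRA code: a diagnostic for the mismatch described above that lists which TLS versions the appliance accepts next to which ones the current session offers, followed by a variant of the workaround that adds Tls12 without re-enabling Ssl3 or Tls. The function name `Test-TlsProtocol` is hypothetical, and port 443 is an assumption.

```powershell
# Added example. Test-TlsProtocol is a hypothetical helper; port 443 is assumed.
function Test-TlsProtocol {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 443
    )
    # What Invoke-RestMethod will offer in this session
    $Offered = [System.Net.ServicePointManager]::SecurityProtocol
    foreach ($Name in 'Tls', 'Tls11', 'Tls12') {
        $Client = New-Object System.Net.Sockets.TcpClient
        $Ssl = $null
        $Accepted = $false
        try {
            $Client.Connect($Server, $Port)
            # The callback accepts any certificate: this probe sends no credentials
            # or data and only records whether the handshake completes.
            $Callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $Ssl = [System.Net.Security.SslStream]::new($Client.GetStream(), $false, $Callback)
            $Ssl.AuthenticateAsClient($Server, $null,
                [System.Security.Authentication.SslProtocols]$Name, $false)
            $Accepted = $true
        }
        catch {
            # Handshake refused, host unreachable, or the protocol is disabled in the
            # local Schannel configuration: all are reported as "not accepted".
        }
        finally {
            if ($Ssl) { $Ssl.Dispose() }
            $Client.Close()
        }
        [pscustomobject]@{
            Protocol      = $Name
            ServerAccepts = $Accepted
            SessionOffers = $Offered.HasFlag([System.Net.SecurityProtocolType]$Name)
        }
    }
}

# A row with ServerAccepts = True and SessionOffers = True is needed for the
# connection to succeed. After the hardening steps, only Tls11/Tls12 should be accepted.
Test-TlsProtocol -Server 'vra.mydomain.local' | Format-Table -AutoSize

# Add Tls12 to the flags already set for this session; -bor leaves the other
# flags untouched and does not switch Ssl3 or Tls back on if they were removed.
$Current = [System.Net.ServicePointManager]::SecurityProtocol
[System.Net.ServicePointManager]::SecurityProtocol = $Current -bor [System.Net.SecurityProtocolType]::Tls12
```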

chelnak self-assigned this Apr 25, 2017

chelnak added this to the v2.2.1 milestone Apr 25, 2017

chelnak added the bug label Apr 25, 2017

jonathanmedd self-assigned this Dec 1, 2017

jonathanmedd modified the milestones: v2.2.1, 3.0.0 Dec 8, 2017
