cChoco icon indicating copy to clipboard operation
cChoco copied to clipboard
verified publisher icon chocolatey

cChoco resource to install Chocolatey does not work in powershell 7.4.1 due to Ssl3 presumption

Open coderjoe opened this issue 1 year ago • 1 comments

Checklist

  • [X] I have verified this is the correct repository for opening this issue.
  • [X] I have verified no other issues exist related to my problem.
  • [X] I have verified this is not an issue for a specific package.
  • [X] I have verified this issue is not security related.
  • [X] I confirm I am using official, and not unofficial, or modified, Chocolatey products.

What You Are Seeing?

When attempting to install chocolatey using the cChocoInstaller resource and the cChoco package version 2.6.0 in pwsh 7.4.1 the resource fails with the following error:

Resource [InstallChoco] 'Set' error: Exception setting "SecurityProtocol": "The requested security protocol is not supported."

What is Expected?

The resource should run as expected.

How Did You Get This To Happen?

  1. I created the DSC script at the end of this list.
  2. I tried to run the DSC script
  3. I received the error

The relevant DSC configuration:

Configuration CreateDscConfiguration
{
  Import-DscResource -ModuleName cChoco -ModuleVersion 2.6.0.0  # See: https://github.com/chocolatey/cChoco
  
  Node localhost
  {
    cChocoInstaller InstallChoco {
      InstallDir = "C:\ProgramData\chocolatey"
    }
  }
}

System Details

  • Operating System: Windows Server 2019 Datacenter
  • Windows PowerShell version: pwsh 7.4.1
  • Chocolatey CLI Version: -na- install is failing
  • Chocolatey Licensed Extension version: -na-
  • Chocolatey License type: -na-
  • Terminal/Emulator: pwsh.exe

Installed Packages

-na- chocolatey is not yet installed

Output Log

-na- the chocolatey cli isn't able to be installed

Additional Context

Please note that this is different from the existing issue #173 as we are not trying to use DSCv3. We're just using Powershell 7.4.1 with DSCv2. All of our legacy DSC scripts so far work, but this error is preventing our cChoco installation.

I believe the problem to be related to this line in the cChocoInstaller resource which presumes that Ssl3 is available. It was deprecated and attempting to run that line in powershell 7.4.1 produces the error expected.

It will likely have to look up the current running Powershell version and only use Ssl3 in the correct version similar to this change in chocolatey itself: https://github.com/chocolatey/choco/issues/1623

coderjoe avatar Feb 08 '24 19:02 coderjoe

It appears this problem happens all the way back in Powershell 6 due to the SSLv3 deprecation/removal. I'm going to take a stab at a PR since this is affecting many of our scripts.

coderjoe avatar Feb 08 '24 19:02 coderjoe