Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS/HTTPS issue? #41

Closed
napzero opened this issue Mar 9, 2018 · 2 comments
Closed

TLS/HTTPS issue? #41

napzero opened this issue Mar 9, 2018 · 2 comments
Labels
bug

Comments

@napzero
Copy link

napzero commented Mar 9, 2018

I tried running StartExampleDownloads.bat and got this error...

Start-DownloadFile : Exception calling "DownloadFile" with "2" argument(s): "The underlying connection was closed: An unexpected error occurred on a send." At C:\temp\BiosSledgehammer_v3.3.2\StartExampleDownloads.ps1:175 char:19

  • ... $tempFile=Start-DownloadFile -URL $URL -DownloadPath $DownloadPath
  •           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : NotSpecified: (:) [Start-DownloadFile], MethodInvocationException
  • FullyQualifiedErrorId : WebException,Start-DownloadFile
  • I tried on another PC and on a VM and got the same.
  • I got one download to work by changing the download URL from HTTPS to HTTP.
  • I got HTTPS to work by adding the below code right before $webClient.DownloadFile($URL, $tempFile)

System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12'

Thoughts?
BTW I'm new to GitHub, sorry if I'm not not using good form or something.
@texhex texhex added the bug label Mar 9, 2018
texhex added a commit that referenced this issue Mar 9, 2018
@texhex
Fix for issue #41 by enabling TLS 1.1 and 1.2
df05873
@texhex
Copy link
Owner

texhex commented Mar 9, 2018

Regarding if you did everything right: You included all details, confirmed that it was not single machine error and even included a working solution. If all issue reports would be like this, my life would be a lot easier. So, yes you did everything right 👍

I did some in testing regarding this and the base issue is that PowerShell (by default) uses SecurityProtocolType.Tls|SecurityProtocolType.Ssl3 (as this the default in .NET 4.0/4.5) and ftp.hp.com has disabled both protocols as they are unsecure. See http://ssl-checker.online-domain-tools.com/ and enter ftp.hp.com to check which protocols and cipher suites they offer

Your code did the right thing because it turned on TLS 1.1 and 1.2. My code is just a little deviation of yours as it turns on TLS 1.1 and 1.2 without touching the default protocols. If TLS 1.3 ever becomes standard and is supported by .NET, that code should not overwrite it.

[System.Net.ServicePointManager]::SecurityProtocol = 

[System.Net.ServicePointManager]::SecurityProtocol -bor
[System.Net.SecurityProtocolType]'Tls11' -bor 
[System.Net.SecurityProtocolType]'Tls12'

A fix was just pushed. Please do the following:

NOTE: You will get download errors for several BIOS downloads for sure as it seems that HP has removed all BIOS versions without Spectre Fix. This will be the next task on my TODO list.

@napzero
Copy link
Author

napzero commented Mar 9, 2018

Awesome! Thank you, and likewise I'm glad to have helped.

@napzero napzero closed this as completed Mar 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@texhex @napzero