Scroll Top
Evotec Services sp. z o.o., ul. Drozdów 6, Mikołów, 43-190, Poland
+48 502 469 760
contact@evotec.pl

PowerShellGallery disables support for TLS 1.0 breaking Install-Module

PowerShellGallery disables support for TLS 1.0 breaking Install-Module
img_5ea804caa6795
By Przemyslaw Klys PowerShell April 9, 2020

A few days ago, I tried to use Install-Module on the old Windows 2008R2 system that I use for specific tasks.

install-module adessentials -Scope CurrentUser -Force

Unfortunately, it failed with a weird message saying:

WARNING: Source Location ‘https://www.powershellgallery.com/api/v2/package/PSEventViewer/1.0.13' is not valid.
PackageManagement\Install-Package : Package ‘PSEventViewer' failed to download.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1772 char:21
+ … $null = PackageManagement\Install-Package @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (C:\Users\adm_jz…entViewer.nupkg:String) [Install-Package], Exception
+ FullyQualifiedErrorId : PackageFailedInstallOrDownload,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage

At first, I thought that PowerShellGallery is just blocked or broken, so I gave up retrying. However, today Justin Grote mentioned in a tweet that it's because PowerShellGallery disabled support for TLS 1.0 and is now requiring TLS 1.2. A simple change, but for older systems a breaking change. You can read about this change on the official PowerShell Team blog.

TLS 1.0 to TLS 1.2 workaround

If you check SecurityProtocol that is used by PowerShell, it reports SystemDefault.

[Net.ServicePointManager]::SecurityProtocol

But SystemDefault is different on every system. So while my up to date Windows 10 didn't notice any change, my work servers did. The error you saw above comes from TLS 1.2 requirement where servers I use are set to default TLS 1.0. The workaround for this issue is simple

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

But the problem with that approach is that you need to run it every time you open a new PowerShell session and want to use Install-Module, Update-Module, or any other command that interacts with PowerShellGallery. In case you want to fix this permanently you could use registry entries forcing  all .NET processes targeting .NET 4.5 to use strong crypto.

Set-ItemProperty `
    -Path "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319" `
    -Name "SchUseStrongCrypto" `
    -Value "1" `
    -Type DWord `
    -Force

Set-ItemProperty `
    -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319" `
    -Name "SchUseStrongCrypto" `
    -Value "1" `
    -Type DWord `
    -Force

So if you're using any automated scripts that use Install-Module or Update-Module to configure things, you may want to update registry or add additional code to prevent any issues. For details you can read Transport Layer Security (TLS) best practices with the .NET Framework. Make sure to backup registry before making changes.

TLS 1.0 to TLS 1.2 - Final Solution

PowerShell Team (on 17th of April 2020) has released a new PowerShellGet, which solves the issue with TLS 1.2 requirement.

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
install-module powershellget -force -SkipPublisherCheck -Scope CurrentUser -AllowClobber

I've tested this on Windows 2008R2 without administrative rights, and it solves the issue.

Przemyslaw Klys / About Author
System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.
More posts by Przemyslaw Klys

Related Posts

Making PowerShellGallery modules Portable
I’m a big fan of PowerShellGallery. It’s easy to use, Microsoft owned, a place to host your PowerShell modules. Every time I release a new PowerShell module, it’s readily available for me or anyone with a single command Install-Module. No need to host it yourself, no need to prepare anything – plug & play. Additionally, if your PowerShell module has any dependencies, it will download and install them, so it directly works out of the box. But what if you can’t use PowerShellGallery? What if you don’t want to use Install-Module on 100 computers, but you prefer to do it in a more controlled way? What if your servers do not have internet connectivity?
08 Sep 2019
PSWinDocumentation - Password Quality
PSWinDocumentation – Audit Active Directory Passwords
If you’re paying attention to what’s happening around the world now you probably know Have I Been Pwned service by now. You probably know that it has huge lists of hashes of passwords that leaked out over the years from different services (LinkedIn, Adobe, and so on). This means those passwords are now in possession of good guys, but also bad guys. With Active Directory being often a central place to store your password that allows you to access your Office 365 account, ADFS, Microsoft Exchange it’s important that your AD passwords is both secure and safe. Bad guys may want to try and access your email accounts or other data that’s available online. And having a list of passwords you or other people may have used before doesn’t help you in protecting your own data.
07 Oct 2018
PSWriteWord 0.4.1
PSWriteWord – Updated to 0.4.1 (Breaking Change included)
28 Jun 2018
Virus Total Analyzer - PowerShell Module
Working with VirusTotal from PowerShell
Virus Total is an excellent service. It’s a single place where hundreds of antivirus engines can verify if the file, URL, domain name, or IP Address is trusted or not. Of course, it’s not a silver bullet, but it brings tremendous value, and I often verify files I download before executing. Since I release a lot of new or updated PowerShell modules on a weekly/monthly basis, I thought it would be great to send newly released versions straight to Virus Total so I can have them checked before anyone executes them. I also hope to prevent false positives from some antivirus vendors that may tag my modules as malware because they haven’t seen the DLL or PowerShell module in this form before. I’ve seen it happen to DBATools, so why not try and push my modules before users even use them?
10 Aug 2022
PSWinReporting Legacy Edition
PSWinReporting 1.8 – Split of branches (Legacy vs. New Hope)
A new branch of PSWinReporting is slowly coming, and I thought it would be the best time to have a final article about it with all configuration options available for those that will want to stay using PSWinReporting from Legacy branch. The idea is that you may have it working in your systems and it’s good enough for you. You may not want to change it, and with New Hope, the changes are so big it’s a rewrite.
10 Mar 2019
Mentioning users in notifications using PSTeams PowerShell Module
Microsoft Teams over the last few years have grown into an excellent and flexible tool for both small and big companies. Having the ability to chat with users, store files or have all sorts of data in one place makes it easy and functional. Of course, it has its fair share of issues, but it’s getting better. One of the cool features of Microsoft Teams is being able to send notifications to Microsoft Teams Channels using WebHook Notifications. In the beginning, this feature was pretty limited, but after a few years, it got much better with support for Adaptive Cards, List Cards, Hero Cards, Thumbnail Cards, and Office 365 Connector Card.
16 Jan 2022
PowerShell Automating Administration
Powershell – Change DNS IP Addresses remotely
0
09 Feb 2016
PSBlackListChecker
PSBlackListChecker – Notifications to Microsoft Teams, Slack of Blacklisted IPs
02 Nov 2018
PSWriteWord 0.5
PSWriteWord – Add-WordTable / Add-WordText Expanded
07 Jul 2018
PSWinDocumentation – Version 0.1 with Word / Excel export
A few weeks ago I’ve released my first version of PSWinDocumentation. It was simple, one command module where you start it and get some basic AD stuff into Microsoft Word document. Today… I’m releasing a new version that has a bit bigger feature set. Are you ready for it? Let’s go!
23 Aug 2018
PSWinDocumentation
PSWinDocumentation – Export to Word, Excel, SQL of AD, AWS, Exchange, O365 Exchange, O365 Azure AD
Today I’m pushing forward with PSWinDocumentation project. I’ve fixed some bugs but I also added a couple of new features. I did lie a bit in the first sentence because this time it’s not all me. I got help from Mateusz Niemczyk who is a certified AWS engineer working for Euvic with me on some projects. If you’ve not yet guessed where I got him involved from the introduction – yes we’re adding basic AWS data support to PSWinDocumentation. But that’s not all…
23 Sep 2018
SFTP/FTPS using PowerShell
Easy way to connect to FTPS and SFTP using PowerShell
FTPS and SFTP are two ways to send and receive files from remote sources. While the name suggests both do the same thing, those are different protocols, in the end, having the same goal. A few weeks back, I had to make sure I can reliably download files from FTPS server using PowerShell, and since I couldn’t find anything straightforward to use, I decided to write my own. Transfertto is a new PowerShell module that supports both FTPS and SFTP protocols. Its goal is to be the only module that you need to transfer files to and from FTP/SFTP servers.
29 Aug 2021
Creating Office 365 Migration Diagram with PowerShell
A few weeks ago, I posted a concept migration diagram for Office 365 to Twitter and Facebook. Today I thought I would show you how you can do it yourself using PowerShell and PSWriteHTML PowerShell module. When I started working on this, I’ve thought I want to create before and after infrastructure to see how it will look when migration ends. I’ve initially planned to assign myself an Office 365 Visio Plan 2 license and do something manually, thinking it may be just much easier. Unfortunately for me, there were no free Visio licenses in my tenant, and my laziness took over, so I’ve decided to give it a go using PowerShell only.
03 Jan 2021
PSWinReporting - Find-Events
The only PowerShell Command you will ever need to find out who did what in Active Directory
While the title of this blog may be a bit exaggeration, the command I’m trying to show here does it’s best to deliver on the promise. What you’re about to witness here is something I’ve worked on for a while now, and it meets my basic needs. If you don’t have SIEM product or products that monitor who does what in Active Directory this command makes it very easy, even for people who don’t have much experience in reading Event Logs. If you’d like to learn about working with Windows Event Logs here’s a great article I wrote recently – PowerShell – Everything you wanted to know about Event Logs and then some.
28 Apr 2019
PowerShell – Returning one object from a function as an Array
Few weeks had passed since I’ve initially written PowerShell – Few tricks about HashTables and Arrays I wish I knew when I started. I was happily using my tips and tricks myself till today when I noticed a strange problem. Do you know how I showed you that you could use a comma to return Array with just one member (that otherwise would be unwrapped and end up a string)?
08 Mar 2019