From 35da8e8a04862286e6545d21996f6055873f0303 Mon Sep 17 00:00:00 2001
From: Charles Crossan
Date: Mon, 23 Jul 2018 16:19:33 -0400
Subject: [PATCH] move the TLS detection block of win_url before creating WebRequest
---
 lib/ansible/modules/windows/win_uri.ps1 | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/lib/ansible/modules/windows/win_uri.ps1 b/lib/ansible/modules/windows/win_uri.ps1
index 7d04055d610..322d4ca8fc9 100644
--- a/lib/ansible/modules/windows/win_uri.ps1
+++ b/lib/ansible/modules/windows/win_uri.ps1
@@ -67,6 +67,16 @@ if ($status_code) {
 }
 }
 
+# Enable TLS1.1/TLS1.2 if they're available but disabled (eg. .NET 4.5)
+$security_protcols = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::SystemDefault
+if ([Net.SecurityProtocolType].GetMember("Tls11").Count -gt 0) {
+ $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls11
+}
+if ([Net.SecurityProtocolType].GetMember("Tls12").Count -gt 0) {
+ $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls12
+}
+[Net.ServicePointManager]::SecurityProtocol = $security_protcols
+
 $client = [System.Net.WebRequest]::Create($url)
 $client.Method = $method
 $client.Timeout = $timeout * 1000
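Review bot: The relocated block only ever adds protocols: it ORs `Tls11`/`Tls12` onto the current `[Net.ServicePointManager]::SecurityProtocol`, so any SSL 3.0 or TLS 1.0 bit already set for the process stays enabled and a server may still negotiate one of them. If that is deliberate for compatibility with old endpoints, say so in the comment, e.g. `# Additive only: protocols already enabled for the process are kept`. The `-bor [Net.SecurityProtocolType]::SystemDefault` term is unguarded, unlike the `GetMember` checks used for Tls11 and Tls12; that member exists only from .NET Framework 4.7 and has the value 0, so it can be dropped or given the same guard. The variable name `$security_protcols` is also misspelled (`$security_protocols`).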
@@ -98,17 +108,6 @@ if (-not $validate_certs) {
 [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
 }
 
-# Enable TLS1.1/TLS1.2 if they're available but disabled (eg. .NET 4.5)
-$security_protcols = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::SystemDefault
-if ([Net.SecurityProtocolType].GetMember("Tls11").Count -gt 0) {
- $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls11
-}
-if ([Net.SecurityProtocolType].GetMember("Tls12").Count -gt 0) {
- $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls12
-}
-[Net.ServicePointManager]::SecurityProtocol = $security_protcols
-
-
 if ($null -ne $content_type) {
 $client.ContentType = $content_type
 }