Enable Tls1.2 and json conversion should use AsHashtable #17
Conversation
|
Thanks @jpenner-gbs ! We have intentionally avoided forcing 1.2 since it precludes (AFAICT from Microsoft's docs) TLSv1.3 support and guarantees everyone will have to do this again in a few years to support that. We're encouraging everyone to adjust registry settings as needed, which matches Microsoft's guidance. The hashtable thing is a good catch, we'll split that change out and try to get it merged. Thanks for putting the changset together. |
|
Good call on not forcing 1.2. If you've got a link on the registry keys I'd appreciate it... the registry keys we've tried on every client systems haven't worked. |
|
We've been linking people to Microsoft's docs at https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client, but results have been mixed, as you say. We don't have a single Windows license in the organization, so unfortunately our testing is limited to the CI on this project, which uses a new enough version of Windows Server the defaults are already good to go. |
PowerShell doesn't always enable newer versions of TLS like TLS 1.2. Most WIndows Servers need it explicitly enabled, otherwise they attempt to only use TLS 1.1 which has been deprecated for awhile.
Some JSON responses from Eleos may have multiple mixed-case keys that cannot be converted into case-insensitive Dictionary, which is the default ConvertFrom-Json setting. Using -AsHasthtable gets around this.