Invoke-Webrequest accepts bad TLS certificates / crypto on MacOS #1942

@ppietikainen

Steps to reproduce

Trying to write a PowerShell stub for https://github.com/ouspg/trytls, I discovered
that PowerShell (running on MacOS 10.11.6) Invoke-Webrequest accepts some invalid
certificates. Additionally, it allows the use of RC4 cryptography, which is now considered insecure.

On Ubuntu 16.04 (after installing some libcurl dependencies), these are rejected.

https://github.com/wbond/badtls.io has additional tests that I could not run, since I could not
figure out how to use a custom CA bundle; these should be investigated as well.

Expected behavior

Invoke-Webrequest https://incomplete-chain.badssl.com/ should fail
Invoke-Webrequest https://rc4.badssl.com/ should fail

Actual behavior

Site loads without throwing exception

## Environment data

```
Name                           Value
----                           -----
PSVersion                      6.0.0-alpha
PSEdition                      Core
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   3.0.0.0
GitCommitId                    v6.0.0-alpha.9
CLRVersion
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
```
