We are testing out locking down our Octopus instance to only allow TLS 1.2 connections (via these instructions), and we’ve had success with accessing the UI via Chrome, and also success with the tentacles accessing the server.
However, we are having issues with octo.exe accessing the server:
octo --list-projects --server https://test-octopus.example.com --apikey=API-GID0R3XUOYXPDQBEZ4DDA6KA
Octopus Deploy Command Line Tool, version 3.3.7+Branch.master.Sha.3dfbf2ea54a21dd47d6d1ef0be02c7540f703fe9
Handshaking with Octopus server: https://test-octopus.example.com
System.Exception: Unable to connect to the Octopus Deploy server. See the inner exception for details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   --- End of inner exception stack trace ---
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.TlsStream.CallProcessAuthentication(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.GetResponse()
   at Octopus.Client.OctopusClient.DispatchRequest[TResponseResource](OctopusRequest request, Boolean readResponse)
   at Octopus.Client.OctopusClient.Get[TResource](String path, Object pathParameters)
   at Octopus.Client.OctopusClient.EstablishSession()
   --- End of inner exception stack trace ---
   at Octopus.Client.OctopusClient.EstablishSession()
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.LazyInitValue()
   at System.Lazy`1.get_Value()
   at Octopus.Client.OctopusClient.get_RootDocument()
   at OctopusTools.Commands.ApiCommand.Execute(String[] commandLineArguments)
   at OctopusTools.Program.Main(String[] args)
Exit code: -3
I see that it’s compiled under .NET 4.5, so TLS 1.2 should be available to it, but the connectivity code appears to be in Octopus.Client, which is not open source, so I can't investigate further.
Can you please investigate? Given the recent SSLv2 vulnerability, I (like to) think that lots of people will be looking to lock down the available protocols.
Thanks,
Matt
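
A diagnostic sketch for the situation described in the post, added here and not part of the original post or of Octopus code: it probes which protocol versions the locked-down server accepts, then shows the process-wide setting that HttpWebRequest (the call at the bottom of the stack trace) uses. The function name Test-TlsProtocol is hypothetical. It relies on the fact that .NET Framework 4.5 supports TLS 1.2 but does not enable it in ServicePointManager.SecurityProtocol by default; whether that is what affects octo.exe is an assumption the page does not confirm.

```powershell
# Added example (not from the original post). Test-TlsProtocol is a
# hypothetical helper; the host name is the one used in the post.
function Test-TlsProtocol {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443
    )
    foreach ($name in 'Ssl3', 'Tls', 'Tls11', 'Tls12') {
        $proto    = [System.Security.Authentication.SslProtocols] $name
        $client   = New-Object System.Net.Sockets.TcpClient
        $accepted = $false
        $detail   = ''
        try {
            $client.Connect($HostName, $Port)
            # Accept any certificate: this probe only tests protocol negotiation.
            $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
            # Offer exactly one protocol version; a locked-down server resets the rest.
            $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)
            $accepted = $true
            $detail   = $ssl.SslProtocol
            $ssl.Dispose()
        }
        catch {
            # Typically "An existing connection was forcibly closed by the remote host".
            $detail = $_.Exception.GetBaseException().Message
        }
        finally {
            $client.Close()
        }
        [pscustomobject]@{ Offered = $name; Accepted = $accepted; Detail = $detail }
    }
}

# Expected on a server restricted to TLS 1.2: only the Tls12 row is accepted.
Test-TlsProtocol -HostName 'test-octopus.example.com' | Format-Table -AutoSize

# Protocols HttpWebRequest offers in this process. On .NET Framework 4.5 the
# default is "Ssl3, Tls": TLS 1.2 is supported but has to be enabled explicitly.
[System.Net.ServicePointManager]::SecurityProtocol

# Opt in to TLS 1.2 for the current process only (does not change octo.exe).
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor
    [System.Net.SecurityProtocolType]::Tls12
```

A protocol that is disabled in Schannel on the machine running the probe fails locally, so run it from a client that still has the older protocols enabled when checking the server-side lockdown.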