VTST create Octopus release using TLS1.2

TFN · 28 February 2018 11:18

Hi everybody,

We would like to stop supporting TLS1.0 and TLS1.1 on our Octopus Deploy server. If we stop supporting them, we get the following error during the VTST Build process on the Octopus create release step: “##[error]The underlying connection was closed: An unexpected error occurred on a send.” While the Octopus push package step is doing well.

The difference between those steps is that deploying a package will use octo.exe and releasing will use an Invoke-RestMethod in PowerShell.

Invoke-RestMethods in PowerShell by default will use TLS1.0, so that’s why we receive the error.

We used https://octopus.com/docs/api-and-integration/tfs-vsts/using-octopus-extension#UsetheTeamFoundationBuildCustomTask-AddaCreateOctopusReleaseStep to set-up the failing step.

We Use:

Octopus v2018.2.1 on Server 2012R2 with all available MS updates applied.
Visual Studio Team Services (Online) with the Octopus Deploy Integration installed from the Visual Studio Marketplace.
Windows 10 Pro N with all available MS updates applied as VTST Build Agent. Powershell Version: 5.1.16299.98

What is the best practice to close TLS1.0 and 1.1 on our Octopus Deploy server while keep the Create Octopus Release steps in VTST builds working?

Many thanks in advance!

Shannon_Lewis · 1 March 2018 05:09

Hi,

Thanks for reaching out and bringing this to our attention. Those steps actually both use octo.exe, which had me confused for a minute. The difference is that the create release step makes a number of calls to the VSTS REST API to gather information to build the release notes etc.

I’ve raised an issue to get the powershell scripts updated to support TLS 1.2.

We’ll also try to get this implemented as a priority, so keep an eye on that issue for progress. Hope that helps and sorry for the inconvenience.

Regards
Shannon

TFN · 1 March 2018 22:46

Thanks Shannon!

In the mean time I solved this problem by changes the following registry items on the Windows 10 Build Agent server:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
“SchUseStrongCrypto”=dword:00000001
_ _
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319]
“SchUseStrongCrypto”=dword:00000001
_ _
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.5.25000]
“SchUseStrongCrypto”=dword:00000001

CAUTION: Improper modification of the registry can cause system instability!

system · 31 March 2018 22:46

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.