GitHub shut down an old insecure encryption cypher, and paket.bootstrapper.exe is not able to talk to their servers. More info here:
https://githubengineering.com/crypto-removal-notice/
Please provide the steps required to reproduce the problem
Download latest paket.bootstrapper.exe
Try to run it. Observe error.
Checking Paket version (downloading latest stable)...
The request was aborted: Could not create SSL/TLS secure channel. (Github - cached)
The bootstrapper downloads the latest version of paket.exe.
Checking Paket version (downloading latest stable)...
The request was aborted: Could not create SSL/TLS secure channel. (Github - cached)
None.
Workaround
Add registry keys to force NET framework to use strong encryption. For example PowerShell commands:
new-itemproperty -path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" -name "SchUseStrongCrypto" -Value 1 -PropertyType "DWord";
new-itemproperty -path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319" -name "SchUseStrongCrypto" -Value 1 -PropertyType "DWord"
Any idea on expected resolution timeline? Workaround is easy enough locally but needs more work for CI servers.
As you can see pull request is in progress #3066
Still, it will need to changes in source after the owner of this repository release it (commit new bootstrapper). I'm just an unlucky user, who need workaround ASAP 😄
Also, all source code branches would need an updated bootstrap if you add the bootstrapper into your repo...
You can also force the download from nuget using --force-nuget or by configuring paket.bootstrapper.exe.config as described in the bootstrapper documentation.
If you're using magic mode, you can use the following paket.exe.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="ForceNuget" value="True"/>
</appSettings>
</configuration>
I've updated to the bootstrapper in the 5.141.0 release (with the fix from #3066), I now get a different error in 'magic mode':
The request was aborted: The connection was closed unexpectedly. (Github - cached (temporarily ignore updates))
In normal mode, I see this:
Checking Paket version (downloading latest stable)...
Hash file of version 5.141.0 not found in cache.
Starting download from https://github.com/fsprojects/Paket/releases/download/5.141.0/paket-sha256.txt
'Github - cached' download failed. If using Mono, you may need to import trusted certificates using the 'mozroots' tool as none are contained by default. Trying fallback download from 'Nuget - cached'.
No only paket.exe.config helps
Any ideas what's still going wrong?
Updated VS this morning and now VS and Rider both claim I don't have .NET Framework 4.5 SDK, so Paket won't build anymore. Once I've shaved that yak I'll see if I can debug and get more info...
the release is missing the sha256.txt file...don't know if that helps

Ah, yeah. Clicking the link in the error message I posted gives you a 404.
uploaded in 5.142.0

Seem good now for me.
and in magic mode

Thanks everyone
Am 23.02.2018 11:11 schrieb "Chris Blyth" notifications@github.com:
[image: image]
https://user-images.githubusercontent.com/1046836/36589027-d8bef698-1881-11e8-895d-12a053a56a75.pngSeem good now for me.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/fsprojects/Paket/issues/3065#issuecomment-367966914,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AADgNF96wksP9HBFpCoZMk3ReSfg4Gstks5tXo7MgaJpZM4SP6kq
.
Thank you for quick fix!
Could someone post a description of what we should do?
For example, at the moment I just have this paket.exe
```
Directory of C:\GitHub\dsyme\visualfsharp\fcs.paket
09/01/2018 10:37 63,784 paket.exe
1 File(s) 63,784 bytes
0 Dir(s) 63,022,436,352 bytes free
````
If you send a link to the replacement I can replace it. I assume the appropriate replacement is the paket.bootstrapper.exe here https://github.com/fsprojects/Paket/releases/tag/5.142.0 but I have to manually rename it to be paket.exe?
@dsyme That's correct.
@samhanes thanks!
Just to confirm - I had this exact issue with an extant project (VS Code + Win10) and downloading paket.bootstrapper.exe (as linked above) into .paket in my project, then renaming it to paket.exe, fixed the issue. Didn't have to restart VS Code.
macOS / linux is not fixed by the above (from what I experienced myself), instead, download a new version of paket and assume Mr. Stenberg tells you the truth about what authorities to trust ;):
curl -L -o /tmp/cacert.pem https://curl.haxx.se/ca/cacert.pem
cert-sync --user /tmp/cacert.pem
export MONO_TLS_PROVIDER=btls
mono .paket/paket.exe install -vv
Note that this trusts the local DNS server to resolve curl.haxx.se to a valid domain, and that domain is unsigned https://dnssec-debugger.verisignlabs.com/curl.haxx.se — here is the SHA256 sum I saw 2018-02-26:
defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3 /tmp/cacert.pem
This could probably be closed as fixed?
Most helpful comment
Workaround
Add registry keys to force NET framework to use strong encryption. For example PowerShell commands: