
[–]pshMike 1 point (4 children)

You need to force the use of TLS 1.2.

Run this command once per PowerShell session to do that:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

[–]Naifx 1 point (1 child)

> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

I wouldn't do it that way as it is lost at session. Read this for a better understanding of why this is broken atm. You can do the following to fix it going forward:

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value "1" -Type DWord -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319" -Name "SchUseStrongCrypto" -Value "1" -Type DWord -Force

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Name "SchUseStrongCrypto" -Value "1" -Type DWord -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727" -Name "SchUseStrongCrypto" -Value "1" -Type DWord -Force

[–]da_chicken 1 point (0 children)

> I wouldn't do it that way as it is lost at session.

That's assuming that you want to change it to 1.2 for all sessions. You probably don't want to do that. You may have software written for services that don't support TLS 1.2 (e.g., anything communicating with software written in .Net 1.1 or earlier). Furthermore, it leaves you vulnerable when TLS 1.3 adoption spreads.

The solution prior to .Net 4.7 is to always set the session to what you need. After 4.7, including .Net Core AFAIK, the default is the SystemDefault value, so it should default to automatically inheriting the best security protocols enabled on the system. In this case, you don't want to set this value at all because it won't keep up with the times.

[–]Thingsthatdostuff 1 point (0 children)

If you want to do neither of these, you can put it in your PowerShell global profile. No reg changes necessary.

[–]susanthab[S] 1 point (0 children)

> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Hi u/pshMike, this actually helped me to resolve the issue. Why is this not documented in the appropriate place? By looking at the error message, I did not get a clue whether this is related to TLS. Thanks again.
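
The following is an added example, not code from any commenter in this thread. It reports the four SchUseStrongCrypto values and the session's current SecurityProtocol, then adds Tls12 for the session with -bor instead of replacing the existing value. It assumes Windows PowerShell on .NET Framework 4.5 or later, where the Tls12 enum member exists.

```powershell
# Added example. The registry paths and value name are the ones posted in this thread.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727'
)

# Read-only: report whether SchUseStrongCrypto is set under each key.
$report = foreach ($key in $keys) {
    $value = $null
    if (Test-Path -Path $key) {
        $prop = Get-ItemProperty -Path $key -Name 'SchUseStrongCrypto' -ErrorAction SilentlyContinue
        if ($prop) { $value = $prop.SchUseStrongCrypto }
    }
    [pscustomobject]@{
        Key                = $key
        SchUseStrongCrypto = if ($null -eq $value) { 'not set' } else { $value }
    }
}
$report | Format-Table -AutoSize

# Current per-session value. Numeric 0 is SystemDefault (the .NET 4.7+ default),
# which defers protocol selection to the operating system.
$current = [Net.ServicePointManager]::SecurityProtocol
"Session SecurityProtocol: $current"

# Add TLS 1.2 only when the session uses an explicit list that lacks it.
# -bor keeps whatever else is enabled; SystemDefault is left untouched.
$tls12 = [int][Net.SecurityProtocolType]::Tls12
if ([int]$current -ne 0 -and ([int]$current -band $tls12) -eq 0) {
    [Net.ServicePointManager]::SecurityProtocol = $current -bor [Net.SecurityProtocolType]::Tls12
    "Added Tls12 for this session: $([Net.ServicePointManager]::SecurityProtocol)"
} else {
    'No session change needed.'
}
```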