Force TLS 1.2 in PowerShell

It's no secret that the industry has been working hard to disable insecure protocols and cipher suites. This is a good thing however many of the utilities and programs that make HTTP connections are yet to be updated to support these changes graceful.

A perfect example if Windows PowerShell. Windows PowerShell uses the .NET Framework under the hood which by default still uses an insecure version of TLS on client Operating Systems.

Here is an example of running a script against GitHub who have disabled insecure TLS procols.

Invoke-RestMethod : The request was aborted: Could not create SSL/TLS secure channel.
At C:\Clean-GitReleases.ps1:4 char:9
+ $tags = Invoke-RestMethod -Headers $headers -Uri "https://api.github. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

To enable TLS 1.2 by default run the following in our PowerShell session:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Author image
About Jacob Hodges