Is it possible to enable TLS 1.2 as default in Powershell

Tagged: ,

This topic contains 4 replies, has 4 voices, and was last updated by  TeeStar 1 month ago.

  • Author
    Posts
  • #68230

    Fredrik Kacsmarck
    Participant

    Have searched and it seems that it should be possible to set the default values via various regkey's.
    But so far none of them have changed the output of:

    [Net.ServicePointManager]::SecurityProtocol
    

    So is there a way to include TLS12 as default and not just SSL3 and TLS?

    I know you can set this manually in a session.
    But I'm wondering if this can be set as a default setting.

  • #68301

    Mike Shepard
    Participant

    Try this:

    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

    It should work against subsequent Invoke-WebRequest calls.

  • #68304

    Fredrik Kacsmarck
    Participant

    Yes but not in the next session without adding it again or e.g. if you're e.g. using DSC.
    Via various pages they suggest that you can set the regkeys for schannel, the .netframework hive etc. but nothing seem to affect the defaults of PS.

    • #75301

      TeeStar
      Participant

      You can put

      [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12; 

      in your Microsoft.PowerShell_profile.ps1 and/or Microsoft.PowerShellISE_profile.ps1.

  • #75292

    Kevin
    Participant

    I tried this:
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

    and get this:
    Cannot convert null to type "System.Net.SecurityProtocolType" due to invalid enumeration values. Specify one o
    f the following enumeration values and try again. The possible enumeration values are "Ssl3, Tls"."

    I am running Win7 Enterprise SP1, and and have the following installed:
    Microsoft .NET Framework 4.6.2 Targeting Pack
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack
    Microsoft .NET Framework 4.6.2 Targeting Pack (ENU)
    Microsoft .NET Framework 4.6.2
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU)
    Microsoft .NET Framework 4.6.2 SDK
    Microsoft .NET Framework 4.5 SDK

    I have followed steps getting TLS1.1 and TLS1.2 setup in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    All to no avail.

    Any ideas welcome!

You must be logged in to reply to this topic.