Invoke-WebRequest SSL fails? Invoke-WebRequest SSL fails? powershell powershell

Invoke-WebRequest SSL fails?


powershell ssl

As BaconBits notes, .NET version > 4.5 uses SSLv3 and TLS 1.0 by default.

You can change this behavior by setting the SecurityProtocol policy with the ServicePointManager class:

PS C:\> $AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'PS C:\> [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocolsPS C:\> (Invoke-WebRequest -Uri "https://idp.safenames.com/").StatusCode200

This will apply to all requests in the AppDomain (so it only applies to the current instance of the host application).

There's a module on GitHub and in PSGallery that can manage these settings now:

Install-Module BetterTls -Scope CurrentUserImport-Module BetterTlsEnable-Tls -Tls11 -Tls12

powershell ssl

Based on this scan, it doesn't look like that URI supports anything lower than TLS 1.1.

What version of Windows are you on? If you're on PowerShell v4.0 or lower, you're not going to be able to negotiate a TLS 1.1 or 1.2 connection because the .Net Framework doesn't support TLS 1.1 or 1.2 until .Net Framework 4.5. PowerShell v4.0 is .Net 4.0. That means the underlying System.Net.WebRequest classes can't negotiate a connection. I believe PowerShell v5.0 is .Net 4.5 or .Net 4.6, but I don't have a Win 10 client to check the $PSVersionTable right now.

You may be able to get it to work by coding the calls to WebRequest manually and specifying the protocol as [System.Net.SecurityProtocolType]::Tls12 or [System.Net.SecurityProtocolType]::Tls11, but I'm not sure if that's possible. That's supposed to work if .Net 4.5 is installed from what I'm seeing, but, again, I've never tried it.

For reference, I get the exact same results as you on Windows 7 x64/Powershell v4.0 and I've got .Net 4.5 installed, but I've never tried manually coding the WebRequest. I also get an error if I use wget for Windows 1.11.4 from here (OpenSSL 0.9.8b, well before TLS 1.1 and 1.2), but it works just fine if I use wget for Windows 1.17.1 from here (current, more or less).

powershell ssl

This can be permanently changed as well

# set strong cryptography on 32 bit .Net Framework (version 4 and above)Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord# set strong cryptography on 64 bit .Net Framework (version 4 and above)Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last