Menü Schließen

Powershell Force Invoke-WebRequest to use TLS v1.2

PowerShell Logo

Ich hatte neulich ein älteres Script in der Hand, was nicht mehr funktionierte und foglenden Fehler anzeigte:

Invoke-WebRequest : {"error":"invalid_request","error_description":"xx: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: xx. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. xxx

Nachdem ich die Grundlagen auf dem Client bzw. Server bzw. enabled TLS1.2 geprüft habe, sieh dazu auch:

habe ich folgende Zeile das Script, da es auf dem selben Fehler lief, hinzuzufügen. Das hat zur Folge, dass TLS1.2 forziert wird:

...
[Net.ServicePointManager]::SecurityProtocol =[Net.SecurityProtocolType]::Tls12
# weiterer Code

Nachfolgend noch ein Addon um TLS 1.2 für die aktuelle Powershell Sitzung festzulegen:

$TLS12Protocol = [System.Net.SecurityProtocolType] 'Ssl3 , Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol

Thats it … Have Fun!

5 Kommentare

      • W

        PS C:\Users\xyz> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls11

        PS C:\Users\xyz> (Invoke-WebRequest -Uri status.dev.azure.com -UseBasicParsing).StatusDescription
        Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send.
        At line:1 char:2
        + (Invoke-WebRequest -Uri status.dev.azure.com -UseBasicParsing).Status …
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
        PS C:\Users\xyz> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        PS C:\Users\xyz> (Invoke-WebRequest -Uri status.dev.azure.com -UseBasicParsing).StatusDescription
        OK
        PS C:\Users\xyz> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls11
        PS C:\Users\xyz> (Invoke-WebRequest -Uri status.dev.azure.com -UseBasicParsing).StatusDescription
        OK

        It only works once, I start with TLS11 and call fails as expected, then works with tls12 and works again with tls11 🙂

        • JARVIS

          Hi,
          mh thats strange. Please try this to set the TLS for the running Powershell session: $TLS12Protocol = [System.Net.SecurityProtocolType] ‚Ssl3 , Tls12‘ and [System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol. Does it work?

          • W

            Not really, the problem is that changing Tls „works“ but it’s just not respected by invoked web request. I’m guessing http client once created stays the same or there is a some kind of cache.So far I was not able to find an answer.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert