powershell could not create ssl/tsl secure

Question

I'm using a powershell script to download and execute a file, but since some time I go I get a could not create ssl/tsl secure channel.

$down = New-Object System.Net.WebClient; 
$url = 'url'; 
$file = 'file';
$down.DownloadFile($url,$file); 
$exec = New-Object -com shell.application; 
$exec.shellexecute($file); 
exit; 

Answer 1

TLS 1.2 should be enabled to get it working. In PowerShell you can find out which protocols your system supports by running this code:

[Enum]::GetNames([Net.SecurityProtocolType]) -contains 'Tls12'

If the result is True then your system supports TLS 1.2. You can find out which protocols are being used by running:

[System.Net.ServicePointManager]::SecurityProtocol.HasFlag([Net.SecurityProtocolType]::Tls12)

If the result is True then TLS 1.2 is being used . However, you can add TLS 1.2 explicitly by using:

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

This should solve these problems.

Answer 2

Refer this sample code. I written this couple of years when Terraform moved to TLS.

$source=<folder where file suppose to be present>
Write-Verbose -Verbose "Downloading Terraform Required"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLS12
$wc = New-Object System.Net.WebClient
if ((test-path "${source}\terraform.zip") -eq $false) {
    $wc.downloadfile("https://releases.hashicorp.com/terraform/0.11.2/terraform_0.11.2_windows_amd64.zip","${source}\terraform.zip")
}
Add-Type -assembly "system.io.compression.filesystem"
[io.compression.zipFile]::ExtractToDirectory("$source\terraform.zip", $destination)

Answer 3

I had the same problem just before and how I fixed it is by changing the link. Make sure the page you're trying to download is a RAW file, for example -

https://raw.githubusercontent.com/TTT2866/Batch-username-generator/master/username_generator.bat

and not

https://github.com/TTT2866/Batch-username-generator/blob/master/username_generator.bat

Note the "raw" in the first link

Answer 4

I ran into the same error trying to install Wiki.js in Windows server. The issue was the ps1 script included TLS 1.1 as a fallback. The steps below can be changed for any other powershell install

To fix this;

1. I downloaded the install.ps1 file from installation instructions on Wiki.js installation

   iex ((New-Object System.Net.WebClient).DownloadString('https://wiki.js.org/install.ps1'))

2. Removed "tls11, tls" from the first line

   From:

   [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"

   To:

   [Net.ServicePointManager]::SecurityProtocol = "tls12"

3. Saved the file in a local directory and changed directory (CD) into the local directory Ran the command "iex .\install.ps1"

It's all good now.

Answer 5

It may be that the site you are connection to requires TLS 1.2, whereas powershell uses TLS 1.0 by default (if I remember correctly)

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$down = New-Object System.Net.WebClient
$url = 'https://github.com/mpdairy/posh.git'
$file = 'C:\ExistingDirectory\test.git'
$down.DownloadFile($url,$file)
$exec = New-Object -com shell.application
$exec.shellexecute($file)
exit

Without using Tls 1.2, I get this error:

Exception calling "DownloadFile" with "2" argument(s): "The request was aborted: Could not create SSL/TLS
secure channel."
At line:1 char:1
+ $down.DownloadFile($url,$file)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException