locked
How to use TLS 1.1 or 1.2 for Invoke-WebRequest RRS feed

  • Question

  • Hello,

    I have a request to contact a web system. The suggested way from the producer is to make a Invoke-WebRequest via powershell. So I created a powershell script. While running this I getting the error:

    #####

    Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a send. At C:\Temp\Unbenannt1.ps1:85 char:1 + Invoke-WebRequest https://SERVERADDRESS -UseBasicParsing + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc eption + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

    #####

    I searched through the internet and found there is a problem with the encryption. I found a lot of solutions (e. g. TLS support for HTTP Task #8 or How do I disable SSL fallback and use only TLS or You receive one or more error messages when you try to make an HTTP request Resolution J) but nothing helped.

    I have also done the steps described at this link: Setup your IIS for SSL Perfect Forward Secrecy and TLS 1.2  beginning at "# Add and Enable TLS 1.0 for client and server SCHANNEL communications" but with no success. After restart of the server the failure is the same.

    How can I make a Invoke-WebRequest for a https address usingTLS 1.1 or 1.2?

    Regards. 


    Tuesday, November 3, 2015 2:43 PM

Answers

  • Use [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 before calling invoke-webrequest


    - Daniele
    Microsoft MVP System Center Cloud and Datacenter Management

    Unisciti alla community italiana per System Center http://www.ugisystemcenter.org

    http://nocentdocent.wordpress.com
    This posting is provided “AS IS” with no warranties, and confers no rights.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Proposed as answer by Oldguard Monday, October 10, 2016 8:41 PM
    • Marked as answer by SCOM Admin KKH Wednesday, November 16, 2016 11:37 AM
    Tuesday, August 23, 2016 3:41 PM
  • Sounds like a site problem to me.  TLS is negotiated.  IE sets this for the whole machine/account.  It is clear that the  also disable it there.  MS posted a security patch to disable SSL.  SSL should not ever be used.


    \_(ツ)_/


    • Edited by jrv Thursday, November 5, 2015 2:34 PM
    • Marked as answer by Elaine Jing Monday, December 14, 2015 7:34 AM
    Thursday, November 5, 2015 2:31 PM

All replies

  • Many sites do not support TLS. Setting it will cause the failure.  SSL is now being blocked on most systems due to recent attacks.  I have customers that would not listen when told they needed o upgrade the servers to use TLS and now they are having issues.  On all sites I can control SSL has been disabled.


    \_(ツ)_/

    Tuesday, November 3, 2015 5:37 PM
  • Hello jrv,

    thanks for your reply. The site I have to connect is using TLS, not SSL. Whats your suggestion to get a connection between the site and my server system?

    Wednesday, November 4, 2015 8:25 AM
  • TLS will be negotiated if you system is up to date.  I think your real problem is that SSL has been disabled and TLS is not supported by the site.

    Be sure TLS is enabled in your browser.


    \_(ツ)_/

    Wednesday, November 4, 2015 1:12 PM
  • The site allows only TLS 1.1 and 1.2 nothing else. From a workstation client we have the effect that we can reach the site with Firefox or Chrome but not with IE.

    The TLS settings are done but the request is not successful.

    Thursday, November 5, 2015 2:13 PM
  • Sounds like a site problem to me.  TLS is negotiated.  IE sets this for the whole machine/account.  It is clear that the  also disable it there.  MS posted a security patch to disable SSL.  SSL should not ever be used.


    \_(ツ)_/


    • Edited by jrv Thursday, November 5, 2015 2:34 PM
    • Marked as answer by Elaine Jing Monday, December 14, 2015 7:34 AM
    Thursday, November 5, 2015 2:31 PM
  • Use [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 before calling invoke-webrequest


    - Daniele
    Microsoft MVP System Center Cloud and Datacenter Management

    Unisciti alla community italiana per System Center http://www.ugisystemcenter.org

    http://nocentdocent.wordpress.com
    This posting is provided “AS IS” with no warranties, and confers no rights.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Proposed as answer by Oldguard Monday, October 10, 2016 8:41 PM
    • Marked as answer by SCOM Admin KKH Wednesday, November 16, 2016 11:37 AM
    Tuesday, August 23, 2016 3:41 PM
  • Got this error, and the issue was with the client not trying to use TLSv1.2. See Daniele Grandini's solution which worked for me:

    Use [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 before calling invoke-webrequest

    Wednesday, October 26, 2016 7:57 PM