PowerShell: Could not create SSL/TLS secure channel

by

One of our techs pointed out that some of the tools that we install on our clients’ PCs weren’t present on a new client’s PCs, so off to the logs I went…

I found that the missing tools are deployed by Chocolatey, which was also missing. I found that Chocolatey generated this error when trying to install:

“DownloadString” with “1” argument(s): “The request was aborted: Could not create SSL/TLS secure channel.”

This Chocolatey support article indicates a lack of TLS 1.2 compatibility on the affected machines. I’ll save you all the running around I did to see whether the OSs on the clients’ machines supported TLS 1.2 (they did) but once I was sure that it wasn’t an OS issue, I found this Microsoft support article, which indicates that “Windows PowerShell uses .NET Framework 4.5, which does not include TLS 1.2 as an available protocol.”

The workaround indicated in that section did it for us:

reg add HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 /v SystemDefaultTlsVersions /t REG_DWORD /d 1 /f /reg:64

I pushed this out with a GPO, after which Chocolatey could install, and our tools downloaded!