peaeater/force-latest-tls.ps1

## force-latest-tls.ps1
<#
	Modifies regedit to tell all versions of .NET to use strongest available TLS. Global setting.
	Requires admin privileges.

	Peter Tyrrell
#>

# check for admin
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning ("You do not have admin privileges. Re-run this script as an administrator.")
    break
}
write-output "Supported protocols before: $([Net.ServicePointManager]::SecurityProtocol)"

$key1 = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319"
set-itemproperty -path $key1 -name 'SchUseStrongCrypto' -value '1' -type DWord
write-output "> Modified $key1"

$key2 = "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319"
set-itemproperty -path $key2 -name 'SchUseStrongCrypto' -value '1' -type DWord
write-output "> Modified $key2"

write-output "Supported protocols after: $([Net.ServicePointManager]::SecurityProtocol)"
	<#
	Modifies regedit to tell all versions of .NET to use strongest available TLS. Global setting.
	Requires admin privileges.

	Peter Tyrrell
	#>

	# check for admin
	if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
	Write-Warning ("You do not have admin privileges. Re-run this script as an administrator.")
	break
	}
	write-output "Supported protocols before: $([Net.ServicePointManager]::SecurityProtocol)"

	$key1 = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319"
	set-itemproperty -path $key1 -name 'SchUseStrongCrypto' -value '1' -type DWord
	write-output "> Modified $key1"

	$key2 = "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319"
	set-itemproperty -path $key2 -name 'SchUseStrongCrypto' -value '1' -type DWord
	write-output "> Modified $key2"

	write-output "Supported protocols after: $([Net.ServicePointManager]::SecurityProtocol)"