Skip to content

Instantly share code, notes, and snippets.

@peaeater
Created December 1, 2021 22:46
Show Gist options
  • Save peaeater/ddaa228f5d1bb9b71f7314cc6a7e297a to your computer and use it in GitHub Desktop.
Save peaeater/ddaa228f5d1bb9b71f7314cc6a7e297a to your computer and use it in GitHub Desktop.
Tells .net to use strongest available TLS. Global setting - modifies registry keys.
<#
Modifies regedit to tell all versions of .NET to use strongest available TLS. Global setting.
Requires admin privileges.
Peter Tyrrell
#>
# check for admin
if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Warning ("You do not have admin privileges. Re-run this script as an administrator.")
break
}
write-output "Supported protocols before: $([Net.ServicePointManager]::SecurityProtocol)"
$key1 = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319"
set-itemproperty -path $key1 -name 'SchUseStrongCrypto' -value '1' -type DWord
write-output "> Modified $key1"
$key2 = "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319"
set-itemproperty -path $key2 -name 'SchUseStrongCrypto' -value '1' -type DWord
write-output "> Modified $key2"
write-output "Supported protocols after: $([Net.ServicePointManager]::SecurityProtocol)"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment