This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
When I call
Invoke-RestMethod -Method POST -Uri $url -Body $Body -Headers $Header …
I get:
Authentication failed because the remote party sent a TLS alert: 'ProtocolVersion'.
Server is Tomcat 9 with just TLS 1.3 enabled while Powershell uses TLS 1.2 - I've checked with Wireshark:
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 167
Handshake Protocol: Client Hello
I then set
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls13
But I get the same error: Powershell still sends a TLS 1.2 Client Hello
How can I use TLS 1.3 from my Powershell scripts?
The handshake works correctly if I configure Tomcat to use TLS 1.2
I am using latest Powershell 7.1.1 with supports TLS 1.3
It seems that Windows 10 does not yet support TLS 1.3 in its stack as of today
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 94%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIX%3C/text%3E%3C/svg%3E)
What is the value returned by [Net.ServicePointManager]::SecurityProtocol ?
It returns Tls13 but according to this post my version of Windows (Version 2004, Build 19041) does not yet support it as build 20170 is required
Sorry I'm not sure if TLS 1.3 is supported in Build 19041. You can start a new thread on this with the "windows-10-general" tag.
The command of might not work ::TLS13 at the moment, depending the OS version.
Just tried it on Windows 11 with PowerShell 5.1 and 7.x and it was accepted.
According to some other documentation it is still a separate way to declare TLS 1.2, which I thought would be TLS 1.3 but it still 1.2, just looked so unusual to me, when I saw it in the script. The reason is they did not use the Displayname but the value, see ".net view".
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072;
source: Azure Arc Onboarding Script
Copilot says PS does not support TLS 1.3. But it seems it depends on the .net, PowerShell 5.1+ and OS version used.
OS view (SCHANNEL etc):
https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-#tls-protocol-version-support
.net view (including [Net.ServicePointManager] class)
https://learn.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netframework-4.8
https://learn.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=net-8.0
further references:
https://www.microsoft.com/en-us/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls-1-3/
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/more-speaking-in-ciphers-and-other-enigmatic-tongues-with-a/bc-p/4064044#M1053
Hope this helps you.