How can I use TLS 1.3 with Invoke-RestMethod?

Anonymous
2021-02-07T11:23:07.927+00:00

When I call

Invoke-RestMethod -Method POST -Uri $url -Body $Body -Headers $Header …

I get:

Authentication failed because the remote party sent a TLS alert: 'ProtocolVersion'.

Server is Tomcat 9 with just TLS 1.3 enabled while Powershell uses TLS 1.2 - I've checked with Wireshark:

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 167
    Handshake Protocol: Client Hello

I then set

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls13

But I get the same error: Powershell still sends a TLS 1.2 Client Hello

How can I use TLS 1.3 from my Powershell scripts?

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,408 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Karl Wester-Ebbinghaus 36 Reputation points MVP
    2024-02-21T23:58:28.7933333+00:00

    The command of might not work ::TLS13 at the moment, depending the OS version.
    Just tried it on Windows 11 with PowerShell 5.1 and 7.x and it was accepted.

    According to some other documentation it is still a separate way to declare TLS 1.2, which I thought would be TLS 1.3 but it still 1.2, just looked so unusual to me, when I saw it in the script. The reason is they did not use the Displayname but the value, see ".net view".

    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072;
    source: Azure Arc Onboarding Script

    Copilot says PS does not support TLS 1.3. But it seems it depends on the .net, PowerShell 5.1+ and OS version used.

    OS view (SCHANNEL etc):
    https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-#tls-protocol-version-support

    .net view (including [Net.ServicePointManager] class)
    https://learn.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=netframework-4.8
    https://learn.microsoft.com/en-us/dotnet/api/system.net.securityprotocoltype?view=net-8.0

    further references:
    https://www.microsoft.com/en-us/security/blog/2020/08/20/taking-transport-layer-security-tls-to-the-next-level-with-tls-1-3/
    https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/more-speaking-in-ciphers-and-other-enigmatic-tongues-with-a/bc-p/4064044#M1053

    Hope this helps you.

    0 comments No comments