How to confirm via PowerShell that TLS 1.2 is available on the OS?

Question

In Windows Server 2016 it is possible via Group Policy to disable use of TLS 1.2.

We would like to add a check to our installer script in PowerShell to see if TLS 1.2 is available. Note that this is different than checking if a URL uses TLS 1.2, or if TLS 1.2 is enabled in the current PowerShell session. We would like to check if TLS 1.2 is available from the OS or if it has been disabled through administrator Group Policy configuration.

Does anyone know how to do this? Any help would be greatly appreciated. Has not been great info online on the subject.

mklement0 mklement0 · Accepted Answer · 2020-11-26T19:28:44

Use the following:

$available = try {
  $orig = [Net.ServicePointManager]::SecurityProtocol
  [Net.ServicePointManager]::SecurityProtocol = 'Tls12'
  [bool] [System.Net.WebRequest]::Create('https://example.org/')
} catch {
  $false
} finally {
  [Net.ServicePointManager]::SecurityProtocol = $orig
}

How to confirm via PowerShell that TLS 1.2 is available on the OS?

1 Answers