Search code examples
windowspowershellsslhttpwebrequesttls1.2

TLS1.2 Powershell HttpWebClient support


I'm trying to upload a file to an https endpoint but I keep running into:

Could not create SSL/TLS secure channel.

Searching around, the endpoint does use TLS 1.2 but setting it in the script doesn't seem to have any effects at all. Any suggestions? Full script is:

#[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor "Tls12"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
#[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$uri = New-Object "System.Uri" "https://.../docs"
$request = [System.Net.HttpWebRequest]::Create($uri)
  $request.Accept = "text/plain"
  $request.UserAgent = "foo/2.3.0.0 (windows; x86_64)"
  $request.ContentType = "application/x-tar"
  $request.Headers.Add("Content-Encoding","gzip");
  $request.Credentials = new-object System.Net.NetworkCredential("username","password","");

Try {
  $request.Method = "PUT"
  $requestStream = $request.GetRequestStream()
  $fileStream = [System.IO.File]::OpenRead("R:\\...-docs.tar.gz")
  $bufSize=10000
  $chunk = New-Object byte[] $bufSize
  while( $bytesRead = $fileStream.Read($chunk,0,$bufsize) )
  {
    $requestStream.write($chunk, 0, $bytesRead)
    $requestStream.Flush()
  }

  $responseStream = $request.getresponse()
  Write-Host "200";
  Write-Host (-join [System.Text.Encoding]::UTF8.GetChars($bodyBytes));

} Catch [System.Net.WebException] {
  $exception = $_.Exception;
  If ($exception.Status -eq [System.Net.WebExceptionStatus]::ProtocolError) {
    $response = $exception.Response -as [System.Net.HttpWebResponse];
    $reader = new-object System.IO.StreamReader($response.GetResponseStream());
    Write-Host ($response.StatusCode -as [int]);
    Write-Host $reader.ReadToEnd();
  } Else {
    Write-Host $exception;
  }
} Catch {
  Write-Host $_.Exception;
} finally {
  $fileStream.Close()
  $requestStream.Close()
  $responseStream.Close()

}

Solution

  • Turns out you get a Could not create SSL/TLS secure channel. error if your credentials are incorrect instead of an 401 unauthorized response :(