The request was aborted: Could not create SSL/TLS secure channel.

2021-10-08 19:53:57 浏览数 (1)

invoke-webrequest 一个url 获取文件时报错invoke-webrequest : The request was aborted: Could not create SSL/TLS secure channel.

invoke-webrequest "http://www.7-zip.org/a/7z1900-x64.msi" -outfile "c:7z1900.msi"

【临时办法】

powershell执行

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

【彻底办法】

通过注册表实现,将以下代码另存为tls1.2_on.reg,双击点“是”导入后,再打开powershell执行[Net.ServicePointManager]::SecurityProtocol 就会显示SystemDefault,这样后续关闭powershell打开也不会有问题了

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

[HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv2.0.50727]

"SystemDefaultTlsVersions"=dword:00000001

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv2.0.50727]

"SystemDefaultTlsVersions"=dword:00000001

【过程分析】

server2016系统上powershell执行这句命令报错The request was aborted: Could not create SSL/TLS secure channel.

invoke-webrequest "http://www.7-zip.org/a/7z1900-x64.msi" -outfile "c:7z1900.msi"

server 2016 powershell运行 [Net.ServicePointManager]::SecurityProtocol 查看没有Tls12。

目前Tls12(tls1.2,powershell里如果启用了,会显示Tls12)已是主流,IE浏览器不支持低于Tls12的https访问了,不改造直接访问一些URL会报SSL/TLS相关的error msg。

server 2016需要按照下面的办法改造,server 2019的powershell默认已有tls1.2,无需改造。

https://docs.microsoft.com/zh-cn/powershell/module/powershellget/?view=powershell-7

As of April 2020, the PowerShell Gallery no longer supports Transport Layer Security (TLS) versions 1.0 and 1.1. If you are not using TLS 1.2 or higher, you will receive an error when trying to access the PowerShell Gallery. Use the following command to ensure you are using TLS 1.2:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

For more information, see the announcement in the PowerShell blog.

powershell里执行[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12只是临时办法,关闭powershell下次再打开powershell还是旧的Ssl3, Tls。永久的办法是通过注册表实现,前面已经陈述。

解决了tls1.2的问题后再访问invoke-webrequest "http://www.7-zip.org/a/7z1900-x64.msi" -outfile "c:7z1900.msi" 就不报错了,成功get到文件。

0 人点赞