chocolatey-community / chocolatey-oneget

OneGet Provider for Chocolatey
Apache License 2.0

This provider can't download anything in a TLS 1.2-only environment #18

Closed brianary closed 6 years ago

brianary commented 6 years ago

In enhanced security environments using only TLS, any version of the .NET Framework before 4.7 does not honor or inherit the OS TLS settings, so you must manually set System.Net.ServicePointManager.SecurityProtocol to the appropriate value (usually at least excluding Ssl3, which was deprecated three years ago); otherwise it inherits the Framework default value of Ssl3 | Tls (SSL 3 and TLS 1.0), and this provider doesn't seem to provide any way to configure that.

ferventcoder commented 6 years ago

@brianary choco.exe does this automatically. Currently it is recommended you use that.

ferventcoder commented 6 years ago

And I want to say it is .NET 4.5 for TLS 1.2 availability to be able to set it.

brianary commented 6 years ago

Yes, choco.exe works fine, but using the PackageManagement Chocolatey PackageProvider for the same functionality results in TLS connection failures. :(

dragonwolf83 commented 6 years ago

Please refer to Transport Layer Security (TLS) best practices for full documentation on setting TLS defaults through registry.

This should work for installed .NET Framework v4.5.1 and above or .NET Framework 3.5. You need to have the latest patches for it to work.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
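
The two fixes discussed in this thread, the machine-wide registry defaults in the .reg fragment above and the per-process ServicePointManager.SecurityProtocol setting from the opening report, as an added PowerShell example. This is not code from the chocolatey-oneget project or from any of the commenters; the function names, the use of `Install-Package -ProviderName Chocolatey` in the usage note, and the package name used there are this example's own assumptions.

```powershell
# Added example (not from the chocolatey-oneget project or the commenters).
# 1. Audit / apply the four .NET Framework registry keys that make .NET 3.5
#    and .NET 4.5.1+ defer to the OS Schannel TLS settings.
# 2. Force TLS 1.2 in the current process as a fallback when the registry
#    cannot be changed (matches the ServicePointManager workaround in the issue).
# Function names are this example's own choices.

#Requires -Version 3.0
Set-StrictMode -Version Latest

# Same keys as the .reg fragment: native and WOW6432Node views for the
# CLR 2.0 (.NET 2.0/3.5) and CLR 4.0 (.NET 4.x) runtimes. On 32-bit Windows
# the WOW6432Node keys are not needed but creating them is harmless.
$script:DotNetTlsKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$script:DotNetTlsValues = 'SystemDefaultTlsVersions', 'SchUseStrongCrypto'

function Test-DotNetTlsRegistry {
    # Emits one row per key/value pair: the current DWORD (or $null when the
    # key or value is absent) and whether it already equals 1.
    [CmdletBinding()]
    param()
    foreach ($key in $script:DotNetTlsKeys) {
        $props = if (Test-Path -LiteralPath $key) {
            Get-ItemProperty -LiteralPath $key
        } else { $null }
        foreach ($name in $script:DotNetTlsValues) {
            $current = if ($props -and $props.PSObject.Properties[$name]) {
                [int]$props.$name
            } else { $null }
            [pscustomobject]@{
                Key       = $key
                Value     = $name
                Current   = $current
                Compliant = ($current -eq 1)
            }
        }
    }
}

function Set-DotNetTlsRegistry {
    # Writes SystemDefaultTlsVersions=1 and SchUseStrongCrypto=1 to every key.
    # Needs an elevated session; honours -WhatIf so it can be dry-run first.
    # The values are read when a .NET process starts, so restart PowerShell
    # (or the calling service) after applying them.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($key in $script:DotNetTlsKeys) {
        if (-not (Test-Path -LiteralPath $key)) {
            if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
                New-Item -Path $key -Force | Out-Null
            }
        }
        foreach ($name in $script:DotNetTlsValues) {
            if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD to 1')) {
                New-ItemProperty -LiteralPath $key -Name $name -Value 1 `
                    -PropertyType DWord -Force | Out-Null
            }
        }
    }
}

function Invoke-WithTls12 {
    # Runs a script block with only TLS 1.2 enabled for this process and
    # restores the previous protocol set afterwards. The Tls12 enum member
    # exists from .NET 4.5 onward; on older runtimes the assignment throws.
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)][scriptblock]$ScriptBlock)
    $previous = [Net.ServicePointManager]::SecurityProtocol
    try {
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        & $ScriptBlock
    } finally {
        [Net.ServicePointManager]::SecurityProtocol = $previous
    }
}
```

Run `Test-DotNetTlsRegistry | Format-Table -AutoSize` to see which of the eight values are missing, then `Set-DotNetTlsRegistry -WhatIf` followed by `Set-DotNetTlsRegistry` from an elevated prompt and a fresh PowerShell session. Where the registry cannot be touched, `Invoke-WithTls12 { Install-Package -ProviderName Chocolatey -Name git }` (provider and package names here are illustrative) applies the setting only to the current process, which helps only because the provider's HTTP requests originate from the PowerShell process itself, as the opening report implies; it does nothing for a separately spawned choco.exe, which, per ferventcoder's comment, already sets the protocol itself.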

brianary commented 6 years ago

That seems to take care of it. I wasn't aware the .NET Frameworks prior to 4.7.1 would honor the OS settings. Thanks!