Chocolatey and TLS since early 2020
Posted by jpluimers on 2020/03/19
I was upgrading a few older systems that had been off-line for quite a while.
When installing Chocolatey, I bumped into this error:
C:\bin>"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin" Exception calling "DownloadString" with "1" argument(s): "The request was aborted: Could not create SSL/TLS secure channel." At line:1 char:1 + iex ((New-Object System.Net.WebClient).DownloadString('https://chocol ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : WebException
So I tried [WayBack] chocolatey “The request was aborted: Could not create SSL/TLS secure channel.” – Google Search
Results indicated TLS 1.1 support was removed early February 2020 from Chocolatey because of security reasons, which impacts the installation on older systems:
- [WayBack] Chocolatey Software | Troubleshooting: The request was aborted: Could not create SSL/TLS secure channel
If you see the following: Exception calling “DownloadString” with “1” argument(s): “The request was aborted: Could not create SSL/TLS secure channel.” then you are likely running an older machine that needs to be upgraded to be able to use TLS 1.2 at a minimum.
Chocolatey.org now requires TLS 1.2 at a minimum. Please see https://chocolatey.org/blog/remove-support-for-old-tls-versions. The post provides options if you have older clients that need to install Chocolatey.
- [WayBack] Chocolatey Software | Removing Support For Old TLS Versions On The Chocolatey Website
We will be removing support for TLS 1.0 and TLS 1.1 from the Chocolatey Website on 3 February 2020.
…
Provisioning Older Machines?
If you find yourself provisioning machines such as Windows 7, Windows Server 2008, or older, you will find that those machines will not be able to communicate with the Chocolatey Community Repository after we implement this change. For those instances, you will need to use alternative installation methods for Chocolatey. We strongly recommend using the offline Chocolatey installation as it provides the most flexibility and reliability.
Note [WayBack] Chocolatey install Error: The request was aborted: Could not create SSL/TLS secure channel – Stack Overflow with a temporary workaround for Microsoft Windows Server 2016:
Looks like the security protocol changed:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a Reply