From f2023a84a66e8b955be98ddf6fafd3bd6c6d5f86 Mon Sep 17 00:00:00 2001
From: Benjamin Schweizer <cxcv@users.noreply.github.com>
Date: Fri, 27 Oct 2017 04:03:52 +0200
Subject: [PATCH] Enable TLS1.1 and TLS1.2 for win_package (#32184)

---
 lib/ansible/modules/windows/win_package.ps1 | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/ansible/modules/windows/win_package.ps1 b/lib/ansible/modules/windows/win_package.ps1
index e0545d6cb49..ccd7222c14d 100644
--- a/lib/ansible/modules/windows/win_package.ps1
+++ b/lib/ansible/modules/windows/win_package.ps1
@@ -36,6 +36,16 @@ if (-not $validate_certs) {
     [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
 }
 
+# Enable TLS1.1/TLS1.2 if they're available but disabled (eg. .NET 4.5)
+$security_protcols = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::SystemDefault
+if ([Net.SecurityProtocolType].GetMember("Tls11").Count -gt 0) {
+    $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls11
+}
+if ([Net.SecurityProtocolType].GetMember("Tls12").Count -gt 0) {
+    $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls12
+}
+[Net.ServicePointManager]::SecurityProtocol = $security_protcols
+
 $credential = $null
 if ($username -ne $null) {
     $sec_user_password = ConvertTo-SecureString -String $password -AsPlainText -Force