From 4cec83471c47af37a7467afc41120354214cc5dc Mon Sep 17 00:00:00 2001
From: Dave <steve-dave@users.noreply.github.com>
Date: Fri, 11 Aug 2017 11:00:34 +1000
Subject: [PATCH] win_get_url.ps1 - enable TLS1.1/TLS1.2 if they're available
 but disabled (#26833)

---
 lib/ansible/modules/windows/win_get_url.ps1 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/lib/ansible/modules/windows/win_get_url.ps1 b/lib/ansible/modules/windows/win_get_url.ps1
index e13542f1bd..bb615353b7 100644
--- a/lib/ansible/modules/windows/win_get_url.ps1
+++ b/lib/ansible/modules/windows/win_get_url.ps1
@@ -93,6 +93,15 @@ Function Download-File($result, $url, $dest, $username, $password, $proxy_url, $
     }
 }
 
+# Enable TLS1.1/TLS1.2 if they're available but disabled (eg. .NET 4.5)
+$security_protcols = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::SystemDefault
+if ([Net.SecurityProtocolType].GetMember("Tls11").Count -gt 0) {
+    $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls11
+}
+if ([Net.SecurityProtocolType].GetMember("Tls12").Count -gt 0) {
+    $security_protcols = $security_protcols -bor [Net.SecurityProtocolType]::Tls12
+}
+[Net.ServicePointManager]::SecurityProtocol = $security_protcols
 
 If ($force -or -not (Test-Path -Path $dest)) {