---

- block:
    - name: test SSL connection
      win_shell: "[System.Net.WebRequest]::Create('https://github.com').GetResponse()"

  rescue:
    - name: enable TLSv1.2 support
      win_regedit:
        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\{{ item.type }}
        name: '{{ item.property }}'
        data: '{{ item.value }}'
        type: dword
        state: present
      register: enable_tls12
      loop:
        - type: Server
          property: Enabled
          value: 1
        - type: Server
          property: DisabledByDefault
          value: 0
        - type: Client
          property: Enabled
          value: 1
        - type: Client
          property: DisabledByDefault
          value: 0

    - name: enable strong crypto
      win_regedit:
        path: HKLM:\{{ item }}
        name: SchUseStrongCrypto
        data: 1
        type: dword
        state: present
      loop:
        - 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
        - 'SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'

    - name: reboot if TLS config was applied
      win_reboot:
      when: enable_tls12 is changed