diff --git a/launcher/src/win64/dist/BDeploy.exe b/launcher/src/win64/dist/BDeploy.exe
index c0f2b371a..b9a59b536 100644
Binary files a/launcher/src/win64/dist/BDeploy.exe and b/launcher/src/win64/dist/BDeploy.exe differ
diff --git a/launcher/src/win64/dist/FileAssoc.exe b/launcher/src/win64/dist/FileAssoc.exe
index a4023018f..2e1441224 100644
Binary files a/launcher/src/win64/dist/FileAssoc.exe and b/launcher/src/win64/dist/FileAssoc.exe differ
diff --git a/launcher/src/win64/dist/bin/Installer.bin b/launcher/src/win64/dist/bin/Installer.bin
index 0a3b37353..7c5b8f953 100644
Binary files a/launcher/src/win64/dist/bin/Installer.bin and b/launcher/src/win64/dist/bin/Installer.bin differ
diff --git a/windows-apps/Installer/App.xaml.cs b/windows-apps/Installer/App.xaml.cs
index 61695d060..28e419dfc 100644
--- a/windows-apps/Installer/App.xaml.cs
+++ b/windows-apps/Installer/App.xaml.cs
@@ -1,5 +1,6 @@
 using Bdeploy.Installer.Models;
 using Bdeploy.Shared;
+using System.Net;
 using System.Threading.Tasks;
 using System.Windows;
 
@@ -9,6 +10,10 @@ namespace Bdeploy.Installer {
     /// </summary>
     public partial class App : Application {
         async void App_Startup(object sender, StartupEventArgs e) {
+            // Enforce usage of TLS 1.2
+            // We target .NET 4.5 and therefore we need to explicitly change the default
+            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
+
             // Whether or not to perform an unattended installation
             bool unattended = Utils.HasArgument(e.Args, "/Unattended");
             bool forAllUsers = Utils.HasArgument(e.Args, "/ForAllUsers");