diff --git a/src/NzbDrone.Common/NzbDrone.Common.csproj b/src/NzbDrone.Common/NzbDrone.Common.csproj
index ff9a16604..f5c53d1fe 100644
--- a/src/NzbDrone.Common/NzbDrone.Common.csproj
+++ b/src/NzbDrone.Common/NzbDrone.Common.csproj
@@ -208,6 +208,7 @@
     <Compile Include="Properties\SharedAssemblyInfo.cs" />
     <Compile Include="Reflection\ReflectionExtensions.cs" />
     <Compile Include="Extensions\ResourceExtensions.cs" />
+    <Compile Include="Security\SecurityProtocolPolicy.cs" />
     <Compile Include="Security\X509CertificateValidationPolicy.cs" />
     <Compile Include="Serializer\HttpUriConverter.cs" />
     <Compile Include="Serializer\IntConverter.cs" />
diff --git a/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs b/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs
new file mode 100644
index 000000000..5c880c4ae
--- /dev/null
+++ b/src/NzbDrone.Common/Security/SecurityProtocolPolicy.cs
@@ -0,0 +1,40 @@
+using System;
+using System.Net;
+using NLog;
+using NzbDrone.Common.Instrumentation;
+
+namespace NzbDrone.Common.Security
+{
+    public static class SecurityProtocolPolicy
+    {
+        private static readonly Logger Logger = NzbDroneLogger.GetLogger(typeof(SecurityProtocolPolicy));
+
+        private const SecurityProtocolType Tls11 = (SecurityProtocolType)768;
+        private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;
+
+        public static void Register()
+        {
+            try
+            {
+                // TODO: In v3 we should drop support for SSL3 because its very insecure. Only leaving it enabled because some people might rely on it.
+                var protocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
+
+                if (Enum.IsDefined(typeof(SecurityProtocolType), Tls11))
+                {
+                    ServicePointManager.SecurityProtocol |= Tls11;
+                }
+
+                if (Enum.IsDefined(typeof(SecurityProtocolType), Tls12))
+                {
+                    ServicePointManager.SecurityProtocol |= Tls12;
+                }
+
+                ServicePointManager.SecurityProtocol = protocol;
+            }
+            catch (Exception ex)
+            {
+                Logger.Debug(ex, "Failed to set TLS security protocol.");
+            }
+        }
+    }
+}
diff --git a/src/NzbDrone.Host/Bootstrap.cs b/src/NzbDrone.Host/Bootstrap.cs
index 392478458..0422665ad 100644
--- a/src/NzbDrone.Host/Bootstrap.cs
+++ b/src/NzbDrone.Host/Bootstrap.cs
@@ -22,6 +22,7 @@ namespace NzbDrone.Host
             try
             {
                 X509CertificateValidationPolicy.Register();
+                SecurityProtocolPolicy.Register();
 
                 Logger.Info("Starting Sonarr - {0} - Version {1}", Assembly.GetCallingAssembly().Location, Assembly.GetExecutingAssembly().GetName().Version);
 
diff --git a/src/NzbDrone.Host/Owin/OwinHostController.cs b/src/NzbDrone.Host/Owin/OwinHostController.cs
index 09efd0b24..ada81e390 100644
--- a/src/NzbDrone.Host/Owin/OwinHostController.cs
+++ b/src/NzbDrone.Host/Owin/OwinHostController.cs
@@ -34,8 +34,6 @@ namespace NzbDrone.Host.Owin
 
         public void StartServer()
         {
-            X509CertificateValidationPolicy.Register();
-
             if (OsInfo.IsWindows)
             {
                 if (_runtimeInfo.IsAdmin)
diff --git a/src/NzbDrone.Update/UpdateApp.cs b/src/NzbDrone.Update/UpdateApp.cs
index 6cb1c0ab4..f379ba99c 100644
--- a/src/NzbDrone.Update/UpdateApp.cs
+++ b/src/NzbDrone.Update/UpdateApp.cs
@@ -36,6 +36,7 @@ namespace NzbDrone.Update
                 Logger.Info("Starting Sonarr Update Client");
 
                 X509CertificateValidationPolicy.Register();
+                SecurityProtocolPolicy.Register();
 
                 _container = UpdateContainerBuilder.Build(startupArgument);