Tinus EngOps Wiki

Logo

OpsaC - Operating as PowerShell code

Links

Home

PowerShell Blog

PowerShell Index

PowerShell Search

Additional Websites

View my GitHub Profile

View my GitHub Gists

View Tinus IT Wiki

View my Photo Website

TLS and Cipher Suite

tags: PowerShell categories: System-Engineering

Table of Contents

Get all cipher suites

The Get-TlsCipherSuite cmdlet gets an ordered collection of cipher suites for a computer that Transport Layer Security (TLS) can use.

Get-TlsCipherSuite | Format-Table Name, Cipher*, Exchange

Output:

Name                                    CipherBlockLength CipherLength CipherSuite Cipher Exchange
----                                    ----------------- ------------ ----------- ------ --------
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA                     16          128       49171 AES    ECDH
TLS_RSA_WITH_AES_256_GCM_SHA384                        16          256         157 AES    RSA
TLS_PSK_WITH_AES_128_GCM_SHA256                        16          128         168 AES    PSK
...

Get all TLS versions

The TLS versions are SubKeys of HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.

function Get-RegistryProperties{
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
		[String] $Hive
    )

    if(Test-path -Path $Hive){
        $root = Get-Item $Hive
        $ret = foreach($SubKey in $root.GetSubKeyNames()){
            $items = Get-Item "$Hive\$SubKey"
            if($items.SubKeycount -eq 0){
                foreach($Property in $items.Property){
                    [PSCustomObject]@{
                        Hive     = $Hive
                        Name     = $items.PSChildName
                        Property = $Property
                        Value    = Get-ItemPropertyValue -Path ("$Hive\$SubKey") -Name ($Property)
                    }
                }
            }
            else{
                # Call the function recursive
                Get-RegistryProperties -Hive "$Hive\$SubKey"
            }
        }
    }
    return $ret
}

$RegKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
Get-RegistryProperties -Hive $RegKey | Sort-Object Hive, Name | Format-Table

Output:

Value 1 = True, 0 = False

Hive                                                                                Name   Property          Value
----                                                                                ----   --------          -----
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2 Client DisabledByDefault     0
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2 Client Enabled               1
...

See also

Get all cipher suites, Protocols in TLS/SSL (Schannel SSP), Transport Layer Security (TLS) registry settings on Microsoft.

[ Top ] [ Blog ]