<#
.Synopsis
Test for strict TLS 1.2 protocol Schannel settings in the registry.
.DESCRIPTION
Test for strict TLS 1.2 protocol Schannel settings in the registry, including
client and server components.
.EXAMPLE
Test-SchannelProtocolStrictTLS12
False
.EXAMPLE
Test-SchannelProtocolStrictTLS12
True
.NOTES
Created by: Jason Wasser
Modified: 4/3/2020
#>
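function Test-SchannelProtocolStrictTLS12 {
    # Purpose: emit $true when a TLS 1.2 row is usable and no deprecated protocol
    # row (SSL2, SSL3, TLS1.0, TLS1.1) still looks enabled; emit $false otherwise.
    # Output: a single [bool] written to the pipeline.
    #
    # [CmdletBinding()] only takes effect when it decorates a param() block, so an
    # empty one is declared here. The function still takes no arguments of its own.
    [CmdletBinding()]
    param()

    # Get-SchannelProtocol is defined outside this file section. The comparisons
    # below suggest it returns objects with Protocol, DisabledByDefault and Enabled
    # properties whose values are 'True', 'False' or 'Not Set' - TODO confirm.
    $SchannelProtocol = Get-SchannelProtocol

    # A deprecated protocol row counts as enabled unless DisabledByDefault is true
    # or Enabled is false. 'Not Set' on both values therefore counts as enabled.
    # NOTE(review): a row with DisabledByDefault = True and Enabled = True/'Not Set'
    # passes this filter. In Schannel, DisabledByDefault only affects callers that do
    # not request a specific protocol, so such a protocol can still be negotiated on
    # request. For a strict check, consider requiring Enabled to be False - confirm
    # against the intended policy before changing the result.
    # NOTE(review): a deprecated protocol with no row at all is treated as disabled;
    # verify that Get-SchannelProtocol always emits a row per protocol.
    $DeprecatedProtocols = $SchannelProtocol | Where-Object -FilterScript {
        $_.Protocol -in ('SSL2', 'SSL3', 'TLS1.0', 'TLS1.1') -and
        $_.DisabledByDefault -ne $true -and
        $_.Enabled -ne $false
    }
    $EnabledDeprecatedProtocols = [bool]$DeprecatedProtocols

    # TLS 1.2 is accepted when it is explicitly enabled or left at the OS default.
    # NOTE(review): one matching row is enough. If client and server are reported as
    # separate rows (the help text implies so), a side with TLS 1.2 explicitly
    # disabled is not detected here - confirm whether both sides should be required.
    $EnabledTls12Protocol = $SchannelProtocol | Where-Object -FilterScript {
        $_.Protocol -eq 'TLS1.2' -and
        $_.DisabledByDefault -in ('False', 'Not Set') -and
        $_.Enabled -in ('True', 'Not Set')
    }

    # Strict TLS 1.2 = TLS 1.2 available AND nothing older still enabled.
    $SchannelProtocolStrictTLS12Status = [bool]$EnabledTls12Protocol -and -not $EnabledDeprecatedProtocols

    Write-Output $SchannelProtocolStrictTLS12Status
}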