Functions/SSL/Get-SSLProtocol.ps1
|
Function Get-SSLProtocol { Param ( # Name of Protocol [Parameter(Mandatory=$false)] [ValidateSet("SSL 2.0","SSL 3.0","TLS 1.0","TLS 1.1","TLS 1.2","TLS 1.3")] [string] $Name, # Side to check [Parameter(Mandatory=$false)] [ValidateSet("Client","Server")] [string[]] $Sides = ("Client","Server"), # Registry Path to SCHANNEL Disablement [Parameter(Mandatory=$false)] [string] $Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' ) Process { $Names = if ($Name){[array]$Name}else{[array]("SSL 2.0","SSL 3.0","TLS 1.0","TLS 1.1","TLS 1.2","TLS 1.3")} foreach ($name in $Names) { foreach ($Side in $sides) { $EN = try{(Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$Name\$Side" -Name Enabled -ErrorAction Stop).Enabled}catch{"Missing"} $DBD = try{(Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$Name\$Side" -Name DisabledByDefault -ErrorAction Stop).DisabledByDefault}catch{"Missing"} [pscustomobject]([ordered]@{ Protocol = $Name Side = $Side Enabled = $EN DisabledByDefault = $DBD }) } } } } |