Public/Security/Get-CryptoProtocol.ps1
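<#
Copyright © 2024 Integris. For internal company use only. All rights reserved.
#>

FUNCTION Get-CryptoProtocol {
    <#
    .SYNOPSIS
    Reports the client-side SCHANNEL registry status of cryptographic protocols.

    .DESCRIPTION
    For each requested protocol, reads
    HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\<Protocol>\Client
    and reports the Enabled and DisabledByDefault values found there, plus a
    derived Status.

    Status is "Disabled" only when the key exists and Enabled is explicitly 0.
    In every other case (Enabled non-zero, Enabled absent, or the key absent)
    Status is "Enabled".

    .PARAMETER Protocols
    Specifies the cryptographic protocols to check. Valid values are "TLS 1.3",
    "TLS 1.2", "TLS 1.1", "TLS 1.0", "SSL 3.0", "SSL 2.0", and "PCT 1.0".
    Defaults to "TLS 1.1", "TLS 1.2" and "TLS 1.3"; the legacy protocols are
    only checked when named explicitly.

    .OUTPUTS
    One object per protocol with the properties Protocol, Status,
    DisabledByDefault and Enabled. DisabledByDefault and Enabled are $null when
    the registry value (or the whole key) is not present.

    .EXAMPLE
    Get-CryptoProtocol -Protocols @("TLS 1.2", "TLS 1.3")

    This command checks the status of TLS 1.2 and TLS 1.3 protocols and displays
    their configuration details.

    .NOTES
    This function requires appropriate permissions to read registry keys and may
    need to be run with elevated privileges.

    Only the Client subkey is inspected. The Server subkey, which governs
    inbound connections, is not read, so this output alone does not show whether
    a legacy protocol is still accepted by services on this host.

    A missing key means the protocol is not explicitly configured and the
    operating system default applies. This function reports that case as
    "Enabled" without knowing the OS default, so check DisabledByDefault/Enabled
    being $null before treating such a row as a finding.
    #>

    PARAM (
        [ValidateSet("TLS 1.3","TLS 1.2","TLS 1.1","TLS 1.0","SSL 3.0","SSL 2.0","PCT 1.0")]
        [String[]]$Protocols = @("TLS 1.1","TLS 1.2","TLS 1.3")
    )

    # @( ) keeps $Results an (possibly empty) array so nothing is emitted for an empty protocol list.
    $Results = @(FOREACH ($Protocol in $Protocols) {
        $Enabled = $Null
        $DisabledByDefault = $Null
        $Status = "Enabled"
        $Key = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$($Protocol)\Client\"

        IF (Test-Path -LiteralPath $Key) {
            $Value = Get-ItemProperty -LiteralPath $Key
            $Enabled = $Value.Enabled
            $DisabledByDefault = $Value.DisabledByDefault

            # Enabled = 0 turns the protocol off regardless of DisabledByDefault.
            # The previous "-or" test reported Enabled=0 / DisabledByDefault=0 as
            # "Enabled", which hides a protocol that is in fact switched off.
            IF ($Null -ne $Enabled -and $Enabled -eq 0) {
                $Status = "Disabled"
            }
        }

        [PSCustomObject]@{
            Protocol          = $Protocol
            Status            = $Status
            DisabledByDefault = $DisabledByDefault
            Enabled           = $Enabled
        }
    })

    RETURN $Results | Select-Object Protocol, Status, DisabledByDefault, Enabled
}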