Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function Get-SSLSecurityProtocols {
- $protopath = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
- & REG.EXE QUERY "$protopath\PCT 1.0\Server" /v Enabled
- & REG.EXE QUERY "$protopath\SSL 2.0\Server" /v Enabled
- & REG.EXE QUERY "$protopath\SSL 3.0\Server" /v Enabled
- & REG.EXE QUERY "$protopath\TLS 1.0\Server" /v Enabled
- & REG.EXE QUERY "$protopath\TLS 1.1\Server" /v Enabled
- & REG.EXE QUERY "$protopath\TLS 1.1\Server" /v DisabledByDefault
- & REG.EXE QUERY "$protopath\TLS 1.2\Server" /v Enabled
- & REG.EXE QUERY "$protopath\TLS 1.2\Server" /v DisabledByDefault
- & REG.EXE QUERY "$protopath\TLS 1.1\Client" /v Enabled
- & REG.EXE QUERY "$protopath\TLS 1.1\Client" /v DisabledByDefault
- & REG.EXE QUERY "$protopath\TLS 1.2\Client" /v Enabled
- & REG.EXE QUERY "$protopath\TLS 1.2\Client" /v DisabledByDefault
- }
- function Set-SSLSecurityProtocols {
- $protopath = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
- & reg.exe add "$protopath\PCT 1.0\Server" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$protopath\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$protopath\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 00000001 /f
- & reg.exe add "$protopath\TLS 1.0\Server" /v Enabled /t REG_DWORD /d 00000001 /f
- & reg.exe add "$protopath\TLS 1.1\Server" /v Enabled /t REG_DWORD /d 00000001 /f
- & reg.exe add "$protopath\TLS 1.1\Server" /v DisabledByDefault /t REG_DWORD /d 00000000 /f
- & reg.exe add "$protopath\TLS 1.2\Server" /v Enabled /t REG_DWORD /d 00000001 /f
- & reg.exe add "$protopath\TLS 1.2\Server" /v DisabledByDefault /t REG_DWORD /d 00000000 /f
- & reg.exe add "$protopath\TLS 1.1\Client" /v Enabled /t REG_DWORD /d 00000001 /f
- & reg.exe add "$protopath\TLS 1.1\Client" /v DisabledByDefault /t REG_DWORD /d 00000000 /f
- & reg.exe add "$protopath\TLS 1.2\Client" /v Enabled /t REG_DWORD /d 00000001 /f
- & reg.exe add "$protopath\TLS 1.2\Client" /v DisabledByDefault /t REG_DWORD /d 00000000 /f
- }
- function Set-IISSupportedCiphers {
- $cipherpath = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers"
- & reg.exe add "$cipherpath\NULL" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$cipherpath\DES 56/56" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$cipherpath\RC2 40/128" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$cipherpath\RC2 56/128" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$cipherpath\RC2 128/128" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$cipherpath\RC4 40/128" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$cipherpath\RC4 56/128" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$cipherpath\RC4 64/128" /v Enabled /t REG_DWORD /d 00000000 /f
- & reg.exe add "$cipherpath\RC4 128/128" /v Enabled /t REG_DWORD /d 4294967295 /f
- & reg.exe add "$cipherpath\Triple DES 168/168" /v Enabled /t REG_DWORD /d 4294967295 /f
- & reg.exe add "$cipherpath\AES 128/128" /v Enabled /t REG_DWORD /d 4294967295 /f
- & reg.exe add "$cipherpath\AES 256/256" /v Enabled /t REG_DWORD /d 4294967295 /f
- }
- #Get-SSLSecurityProtocols
- #Set-SSLSecurityProtocols
- #Set-IISSupportedCiphers
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement