Testing SSL and TLS with PowerShell




This is an excellent PowerShell script if you want to test which SSL and TLS protocols are enabled on your webserver. This is extremely important due to the inherent vulnerabilities in SSL and in TLS versions prior to 1.2. Note that the script reports whether a handshake succeeded with each protocol; it does not check certificate trust, and a failed handshake can also mean the local TLS stack refuses the legacy version.

Example: `Test-ServerSSLSupport www.thecodeasylum.com`

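function Test-ServerSSLSupport {
<#
.SYNOPSIS
    Reports which SSL/TLS protocol versions a server will negotiate on a given port.
.DESCRIPTION
    For each of ssl2, ssl3, tls, tls11 and tls12 a fresh TCP connection is opened and a
    client handshake is attempted with only that protocol enabled. The result object
    carries one boolean per protocol: $true means the handshake completed, $false means
    it failed.

    A $false result is not proof that the server rejects the protocol: the handshake also
    fails when the local TLS stack (.NET / SChannel on the machine running this script)
    refuses to speak the legacy version itself. Read SSLv2/SSLv3 results with that in mind.
    TLS 1.3 is not probed.

    The certificate validation callback returns $true unconditionally, on purpose, so the
    tool can enumerate protocols against hosts with self-signed, expired or mismatched
    certificates. The output therefore says nothing about certificate trust.
.PARAMETER HostName
    DNS name or IP address of the server to test. Accepts pipeline input.
.PARAMETER Port
    TCP port to connect to; defaults to 443.
.PARAMETER MoreInfo
    When $true, additionally writes the local/remote endpoints and every SslStream
    property to the output stream after each protocol attempt (mixed in with the result).
.OUTPUTS
    One PSCustomObject per reachable host with Host, Port, KeyExhange, HashAlgorithm and
    one boolean per protocol. KeyExhange/HashAlgorithm reflect the most recent successful
    handshake in list order (normally the TLS 1.2 one). The misspelt property name
    "KeyExhange" is kept because existing callers may reference it.
    Nothing is emitted for a host that cannot be reached on the TCP port; a warning is
    written instead, so an all-$false record is never mistaken for "nothing enabled".
.EXAMPLE
    Test-ServerSSLSupport www.thecodeasylum.com
#>
[CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$HostName,
        [UInt16]$Port = 443,
        [boolean]$MoreInfo = $false
    )
    process {
        $RetValue = New-Object psobject -Property ([ordered]@{
            Host = $HostName
            Port = $Port
            KeyExhange = $null
            HashAlgorithm = $null
            SSLv2 = $false
            SSLv3 = $false
            TLSv1_0 = $false
            TLSv1_1 = $false
            TLSv1_2 = $false
        })
        # A foreach statement instead of ForEach-Object: a 'break' inside a ForEach-Object
        # script block escapes the whole pipeline (and any loop the caller is in), not just
        # this loop, so the original early exit could abort the caller's script.
        foreach ($Protocol in "ssl2", "ssl3", "tls", "tls11", "tls12") {
            $TcpClient = New-Object Net.Sockets.TcpClient
            try {
                $TcpClient.Connect($RetValue.Host, $RetValue.Port)
            } catch {
                $TcpClient.Dispose()
                # Unreachable host: report on the warning stream rather than Write-Host so
                # callers can capture/suppress it, and emit no result object for this host.
                Write-Warning "The host $HostName does not exist or is not responding on port $Port ($($_.Exception.Message))"
                return
            }
            $SslStream = $null
            try {
                # The validation callback accepts any certificate: protocol enumeration must
                # not be blocked by an untrusted certificate. This is only acceptable because
                # no application data is exchanged over the stream.
                $SslStream = New-Object -TypeName Net.Security.SslStream -ArgumentList $TcpClient.GetStream(), $true, ([System.Net.Security.RemoteCertificateValidationCallback]{ $true })
                $SslStream.ReadTimeout = 15000
                $SslStream.WriteTimeout = 15000
                try {
                    # Only $Protocol is enabled for this handshake, so success means the
                    # server accepted exactly that version.
                    $SslStream.AuthenticateAsClient($RetValue.Host, $null, $Protocol, $false)
                    $RetValue.KeyExhange = $SslStream.KeyExchangeAlgorithm
                    $RetValue.HashAlgorithm = $SslStream.HashAlgorithm
                    $status = $true
                } catch {
                    # Handshake failed: the server refused $Protocol, or the local stack
                    # cannot speak it at all. The two cases are not distinguished here.
                    $status = $false
                }
                switch ($Protocol) {
                    "ssl2"  { $RetValue.SSLv2   = $status }
                    "ssl3"  { $RetValue.SSLv3   = $status }
                    "tls"   { $RetValue.TLSv1_0 = $status }
                    "tls11" { $RetValue.TLSv1_1 = $status }
                    "tls12" { $RetValue.TLSv1_2 = $status }
                }
                # 44550 is the raw ExchangeAlgorithmType value .NET reports for ECDHE,
                # which has no named enum member on older frameworks; give it a readable name.
                switch ($RetValue.KeyExhange) {
                    "44550" { $RetValue.KeyExhange = "ECDH_Ephem" }
                }
                if ($MoreInfo -eq $true) {
                    "From " + $TcpClient.Client.LocalEndPoint.Address.IPAddressToString + " to $HostName " + $TcpClient.Client.RemoteEndPoint.Address.IPAddressToString + ':' + $TcpClient.Client.RemoteEndPoint.Port
                    $SslStream | Get-Member | Where-Object { $_.MemberType -match 'Property' } | Select-Object Name | ForEach-Object { $_.Name + ': ' + $SslStream.($_.Name) }
                }
            } finally {
                # Runs on every exit path (including errors in the MoreInfo dump), so no
                # socket is leaked; the stream is released before the client that owns it.
                if ($SslStream) { $SslStream.Dispose() }
                $TcpClient.Dispose()
            }
        }
        $RetValue
    }
}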
