This is an excellent PowerShell script if you want to test which SSL and TLS protocols are enabled on your webserver. This is extremely important because SSL and TLS versions prior to 1.2 have inherent vulnerabilities.
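function Test-ServerSSLSupport {
    <#
    .SYNOPSIS
    Reports which SSL/TLS protocol versions a server accepts from this client.

    .DESCRIPTION
    For each of SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 a new TCP connection
    is opened and a client handshake restricted to that one protocol is attempted.
    A handshake that completes sets the matching flag to $true; any failure sets it
    to $false.

    Reading the result:
      * $true is reliable: the server negotiated that protocol.
      * $false only means this client could not complete the handshake. Besides the
        protocol being disabled on the server, the cause can be a certificate that
        fails the default validation (untrusted chain, name mismatch, expired), a
        timeout, an unreachable host, or the protocol being disabled in the local
        operating system or .NET runtime (commonly the case for SSL 2.0 and SSL 3.0).
        Run with -Verbose to see the failure message for each protocol, and confirm
        a "disabled" finding for a legacy protocol from a client that can still
        speak it before relying on the result.
      * SSLv2, SSLv3, TLSv1_0 or TLSv1_1 reported as $true marks a protocol that
        should be disabled in the server configuration.

    .PARAMETER HostName
    DNS name of the server. It is used both for the TCP connection and as the
    target host name for certificate validation.

    .PARAMETER Port
    TCP port of the TLS service. Defaults to 443.

    .OUTPUTS
    A psobject with Host, Port, SSLv2, SSLv3, TLSv1_0, TLSv1_1, TLSv1_2, KeyExhange
    and HashAlgorithm, followed (when at least one handshake succeeded) by a
    "From <local ip> to <host> <remote ip>:<port>" string and one "Name: value"
    string per SslStream property, both taken from the last successful handshake.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$HostName,
        [UInt16]$Port = 443
    )
    process {
        $RetValue = New-Object psobject -Property @{
            Host          = $HostName
            Port          = $Port
            SSLv2         = $false
            SSLv3         = $false
            TLSv1_0       = $false
            TLSv1_1       = $false
            TLSv1_2       = $false
            # Property name keeps its original spelling so existing callers still work.
            KeyExhange    = $null
            HashAlgorithm = $null
        }

        # Diagnostics are captured while the connection is still open, because the
        # socket and stream are released at the end of every iteration.
        $ConnectionSummary = $null
        $StreamProperties = @()

        foreach ($Protocol in "ssl2", "ssl3", "tls", "tls11", "tls12") {
            $TcpClient = $null
            $SslStream = $null
            $Status = $false
            try {
                $TcpClient = New-Object Net.Sockets.TcpClient
                $TcpClient.Connect($RetValue.Host, $RetValue.Port)
                $SslStream = New-Object Net.Security.SslStream $TcpClient.GetStream()
                $SslStream.ReadTimeout = 15000
                $SslStream.WriteTimeout = 15000

                # Arguments: target host, no client certificates, the single protocol
                # to offer, and no revocation check. No validation callback is given,
                # so the default certificate validation applies and a certificate
                # error fails the handshake like an unsupported protocol would.
                $SslStream.AuthenticateAsClient($RetValue.Host, $null, $Protocol, $false)
                $Status = $true

                # Overwritten on every success, so these describe the last protocol
                # that negotiated.
                $RetValue.KeyExhange = $SslStream.KeyExchangeAlgorithm
                $RetValue.HashAlgorithm = $SslStream.HashAlgorithm

                $ConnectionSummary = "From " + $TcpClient.Client.LocalEndPoint.Address.IPAddressToString +
                    " to $HostName " + $TcpClient.Client.RemoteEndPoint.Address.IPAddressToString +
                    ':' + $TcpClient.Client.RemoteEndPoint.Port

                $StreamProperties = @(
                    $SslStream | Get-Member | Where-Object { $_.MemberType -match 'Property' } | ForEach-Object {
                        $PropertyName = $_.Name
                        try {
                            $PropertyName + ': ' + $SslStream.$PropertyName
                        }
                        catch {
                            # Some stream properties cannot be read on this stream type;
                            # skip them instead of aborting the listing.
                            Write-Verbose ("Could not read SslStream.{0}: {1}" -f $PropertyName, $_.Exception.Message)
                        }
                    }
                )
            }
            catch {
                # Keep the reason visible: a certificate or connectivity failure looks
                # the same as "protocol not supported" in the returned flags.
                Write-Verbose ("{0} attempt against {1}:{2} failed: {3}" -f $Protocol, $RetValue.Host, $RetValue.Port, $_.Exception.Message)
            }
            finally {
                # Release the stream and socket of this attempt so repeated scans do
                # not accumulate open connections.
                if ($null -ne $SslStream) { $SslStream.Dispose() }
                if ($null -ne $TcpClient) { $TcpClient.Close() }
            }

            switch ($Protocol) {
                "ssl2"  { $RetValue.SSLv2 = $Status }
                "ssl3"  { $RetValue.SSLv3 = $Status }
                "tls"   { $RetValue.TLSv1_0 = $Status }
                "tls11" { $RetValue.TLSv1_1 = $Status }
                "tls12" { $RetValue.TLSv1_2 = $Status }
            }
        }

        $RetValue
        if ($null -ne $ConnectionSummary) {
            $ConnectionSummary
            $StreamProperties
        }
    }
}

# Example invocation; replace the placeholder with the server to check.
Test-ServerSSLSupport yourwebserver.com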