This is an excellent PowerShell script if you want to test which SSL and TLS protocols are enabled on your webserver. This is extremely important
This is an excellent PowerShell script if you want to test which SSL and TLS protocols are enabled on your webserver. This is extremely important due to the inherent vulnerabilities in SSL and TLS version prior to 1.2
function Test-ServerSSLSupport {
[CmdletBinding()]
param(
[Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateNotNullOrEmpty()]
[string]$HostName,
[UInt16]$Port = 443
)
process {
$RetValue = New-Object psobject -Property @{
Host = $HostName
Port = $Port
SSLv2 = $false
SSLv3 = $false
TLSv1_0 = $false
TLSv1_1 = $false
TLSv1_2 = $false
KeyExhange = $null
HashAlgorithm = $null
}
“ssl2”, “ssl3”, “tls”, “tls11”, “tls12” | %{
$TcpClient = New-Object Net.Sockets.TcpClient
$TcpClient.Connect($RetValue.Host, $RetValue.Port)
$SslStream = New-Object Net.Security.SslStream $TcpClient.GetStream()
$SslStream.ReadTimeout = 15000
$SslStream.WriteTimeout = 15000
try {
$SslStream.AuthenticateAsClient($RetValue.Host,$null,$_,$false)
$RetValue.KeyExhange = $SslStream.KeyExchangeAlgorithm
$RetValue.HashAlgorithm = $SslStream.HashAlgorithm
$status = $true
} catch {
$status = $false
}
switch ($_) {
“ssl2” {$RetValue.SSLv2 = $status}
“ssl3” {$RetValue.SSLv3 = $status}
“tls” {$RetValue.TLSv1_0 = $status}
“tls11” {$RetValue.TLSv1_1 = $status}
“tls12” {$RetValue.TLSv1_2 = $status}
}
# dispose objects to prevent memory leaks
#$TcpClient.Dispose()
#$SslStream.Dispose()
}
$RetValue
“From “+ $TcpClient.client.LocalEndPoint.address.IPAddressToString +” to $hostname “+ $TcpClient.client.RemoteEndPoint.address.IPAddressToString +’:’+$TcpClient.client.RemoteEndPoint.port
$SslStream |gm |?{$_.MemberType -match ‘Property’}|Select-Object Name |%{$_.Name +’: ‘+ $sslStream.($_.name)}
}
}
Test-ServerSSLSupport yourwebserver.com
Post Views: 20,170
COMMENTS
Don’t forget to post your comments, without comments our contributors don’t get much incentive to contribute more for you!