Created
September 29, 2023 12:56
Simple script to check whether the insecure TLS versions (TLS 1.0 and 1.1) are enabled on a Windows Server, and optionally change the setting. I've been using it to enable old TLS versions on servers due to legacy software.
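# Function to set the TLS registry keys
#
# Writes the Schannel 'Enabled' and 'DisabledByDefault' DWORD values for
# TLS 1.0 and TLS 1.1, for both the Server and Client roles.
#
# Parameters:
#   enabledValue           - value stored in 'Enabled'
#   disabledByDefaultValue - value stored in 'DisabledByDefault'
#
# Notes:
#   - The keys live under HKLM, so the session must be elevated; without
#     elevation the writes fail with access-denied errors.
#   - Passing enabledValue 1 / disabledByDefaultValue 0 turns back on protocol
#     versions that are formally deprecated (RFC 8996). Keep that state limited
#     to hosts that need it for legacy software and record the exception.
#   - These values govern Schannel only. NOTE(review): a restart is commonly
#     needed before Schannel honours the change - confirm for the OS in use.
#   - Nothing is written to the pipeline; the cmdlet output is discarded.
function Set-TLSKeys {
    param (
        [int] $enabledValue,
        [int] $disabledByDefaultValue
    )

    $protocols = @('TLS 1.0', 'TLS 1.1')
    $roles = @('Server', 'Client')

    foreach ($protocol in $protocols) {
        foreach ($role in $roles) {
            $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\$role"

            # Create the key only when it is missing: New-Item -Force on a key
            # that already exists replaces it and discards the values stored there.
            if (-not (Test-Path -Path $path)) {
                New-Item -Path $path -Force | Out-Null
            }

            # -Force overwrites an existing value, so the function can be re-run
            # safely and never depends on the key having been emptied first.
            New-ItemProperty -Path $path -PropertyType 'DWORD' -Name 'Enabled' -Value $enabledValue -Force | Out-Null
            New-ItemProperty -Path $path -PropertyType 'DWORD' -Name 'DisabledByDefault' -Value $disabledByDefaultValue -Force | Out-Null
        }
    }
}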
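# Function to check the status of TLS registry keys
#
# Prints one line per protocol/role pair (TLS 1.0 and TLS 1.1, Server and
# Client) showing the 'Enabled' and 'DisabledByDefault' values found in the
# Schannel registry keys.
#
# A value reported as '(not set)' means the key or value does not exist. It
# does NOT mean the protocol is disabled: with no explicit value the operating
# system default applies, and that default differs between Windows versions.
function Check-TLSStatus {
    $protocols = @('TLS 1.0', 'TLS 1.1')
    $roles = @('Server', 'Client')

    foreach ($protocol in $protocols) {
        foreach ($role in $roles) {
            $path = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\$role"

            $enabled = '(not set)'
            $disabledByDefault = '(not set)'

            # Read the whole key once. Get-ItemPropertyValue can still raise an
            # error for a missing value on some PowerShell versions even with
            # -ErrorAction SilentlyContinue, so look the properties up instead.
            $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            if ($null -ne $key) {
                $enabledProperty = $key.PSObject.Properties['Enabled']
                if ($null -ne $enabledProperty) {
                    $enabled = $enabledProperty.Value
                }

                $disabledProperty = $key.PSObject.Properties['DisabledByDefault']
                if ($null -ne $disabledProperty) {
                    $disabledByDefault = $disabledProperty.Value
                }
            }

            Write-Host "$protocol $role -> Enabled: $enabled, DisabledByDefault: $disabledByDefault"
        }
    }
}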
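# Main script starts here
#
# Interactive menu loop: disable or enable TLS 1.0/1.1 in Schannel, show the
# current registry values, or exit. Options 1 and 2 write under HKLM and need
# an elevated session. Option 2 weakens the host's transport security and is
# meant only for servers that must talk to legacy software.
while ($true) {
    Write-Host "What would you like to do?"
    Write-Host "1. Disable Insecure TLS"
    Write-Host "2. Enable Insecure TLS"
    Write-Host "3. Check Status"
    Write-Host "4. Exit"

    # Trim so that stray spaces around the digit are not rejected as invalid.
    $choice = (Read-Host "Enter your choice (1/2/3/4)").Trim()

    switch ($choice) {
        '1' {
            # Run in a child scope with ErrorActionPreference 'Stop' so a failed
            # registry write (for example access denied in a non-elevated
            # session) is caught here instead of being followed by a success
            # message that would misreport the host's TLS state.
            try {
                & {
                    $ErrorActionPreference = 'Stop'
                    Set-TLSKeys -enabledValue 0 -disabledByDefaultValue 1
                }
                Write-Host "Insecure TLS settings have been disabled."
                Write-Host "A restart may be required before the change takes effect."
            }
            catch {
                Write-Host "Could not disable insecure TLS: $($_.Exception.Message)"
                Write-Host "Run this script from an elevated PowerShell session and check the status again."
            }
        }
        '2' {
            try {
                & {
                    $ErrorActionPreference = 'Stop'
                    Set-TLSKeys -enabledValue 1 -disabledByDefaultValue 0
                }
                Write-Host "Insecure TLS settings have been enabled."
                Write-Host "A restart may be required before the change takes effect."
            }
            catch {
                Write-Host "Could not enable insecure TLS: $($_.Exception.Message)"
                Write-Host "Run this script from an elevated PowerShell session and check the status again."
            }
        }
        '3' {
            Check-TLSStatus
        }
        '4' {
            Write-Host "Exiting. Goodbye!"
            exit
        }
        default {
            Write-Host "Invalid choice. Please enter 1, 2, 3, or 4."
        }
    }
}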