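function Get-EnabledTlsCipherSuites {
    <#
    .SYNOPSIS
        Returns the TLS cipher suites that are not explicitly disabled in the SCHANNEL registry.
    .DESCRIPTION
        Starts from the list reported by Get-TlsCipherSuite and drops any suite whose
        SCHANNEL\Ciphers\<suite name> key carries Enabled = 0. A missing key, or a key
        without an Enabled value, counts as enabled.
    .OUTPUTS
        The cipher suite objects from Get-TlsCipherSuite that passed the check.
    #>

    # NOTE(review): subkeys of SCHANNEL\Ciphers are normally named after cipher
    # algorithms (for example "AES 128/128"), not after full suite names, so this
    # lookup probably never matches and the result equals Get-TlsCipherSuite's own
    # list. Confirm before relying on the registry filter.
    foreach ($cipherSuite in Get-TlsCipherSuite) {
        $regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\$($cipherSuite.Name)"

        if (-not (Test-Path $regPath)) {
            # No registry override for this suite: keep it.
            $cipherSuite
            continue
        }

        $setting = Get-ItemProperty -Path $regPath -Name "Enabled" -ErrorAction SilentlyContinue
        if ($null -eq $setting -or $setting.Enabled -ne 0) {
            $cipherSuite
        }
    }
}

function Get-EnabledTlsVersions {
    <#
    .SYNOPSIS
        Returns the TLS versions that are explicitly enabled for the Server role in the
        SCHANNEL registry.
    .DESCRIPTION
        Reads SCHANNEL\Protocols\TLS <version>\Server\Enabled for each requested version.
        Only explicit registry settings are reported: a version with no registry key
        follows the operating-system default and is NOT listed here, so an empty result
        does not mean that TLS is off. The Client subkey is not examined.
    .PARAMETER Versions
        TLS version strings to check. Defaults to 1.2 and 1.3; pass "1.0", "1.1" as well
        to audit legacy protocol overrides.
    .OUTPUTS
        The version strings whose Enabled value is present and non-zero.
    #>
    param(
        [string[]]$Versions = @("1.2", "1.3")
    )

    foreach ($version in $Versions) {
        $regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS $version\Server"
        if (-not (Test-Path $regPath)) {
            continue
        }

        $setting = Get-ItemProperty -Path $regPath -Name "Enabled" -ErrorAction SilentlyContinue

        # Any non-zero DWORD counts as enabled (0xFFFFFFFF is a common value), which
        # matches the "-ne 0" test used for cipher suites above.
        # NOTE(review): DisabledByDefault is not consulted here - confirm whether the
        # audit needs it.
        if ($null -ne $setting -and $setting.Enabled -ne 0) {
            $version
        }
    }
}

$enabledCipherSuites = Get-EnabledTlsCipherSuites
$enabledTlsVersions = Get-EnabledTlsVersions

Write-Host "Enabled TLS versions:" $enabledTlsVersions
if (-not $enabledTlsVersions) {
    # Avoid an empty list being read as "TLS is disabled".
    Write-Host "(none of the checked versions is explicitly enabled in the registry; versions without a registry override follow the OS default)"
}

# The header and the table are separate statements: piping Write-Host into
# Format-Table would leave the table empty.
Write-Host "`nEnabled Cipher Suites:"
$enabledCipherSuites | Format-Table Name, CipherLength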
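# Mapping of protocol version numbers to human-readable names.
# 65279 (0xFEFF) and 65277 (0xFEFD) are the DTLS wire versions, which can appear
# next to the TLS ones in a suite's Protocols list.
$protocolMap = @{
    768   = 'SSL 3.0'
    769   = 'TLS 1.0'
    770   = 'TLS 1.1'
    771   = 'TLS 1.2'
    772   = 'TLS 1.3'
    65279 = 'DTLS 1.0'
    65277 = 'DTLS 1.2'
}

# Retrieve TLS cipher suites and format them into a readable table.
# Suites that still list SSL 3.0, TLS 1.0 or TLS 1.1 are the ones to review first.
Get-TlsCipherSuite | ForEach-Object {
    # The inner pipeline is parenthesised so that -join applies to its output;
    # without the parentheses "-join" is parsed as a ForEach-Object parameter.
    $protocols = ($_.Protocols | ForEach-Object {
        # Cast to [int]: the hashtable keys are Int32 literals, and a lookup with a
        # value of another integer type does not match them.
        $protocolId = [int]$_
        if ($protocolMap.ContainsKey($protocolId)) {
            $protocolMap[$protocolId]
        }
        else {
            # Show unmapped identifiers instead of silently dropping them.
            '0x{0:X4}' -f $protocolId
        }
    }) -join ', '

    # Get-TlsCipherSuite objects expose Cipher, CipherLength, Hash and Exchange;
    # KeyLength, HashAlgorithm, CipherAlgorithm and ExchangeAlgorithm are not
    # properties of those objects and rendered as empty columns.
    [PSCustomObject]@{
        Name              = $_.Name
        Protocols         = $protocols
        KeyLength         = $_.CipherLength
        HashAlgorithm     = $_.Hash
        CipherAlgorithm   = $_.Cipher
        ExchangeAlgorithm = $_.Exchange
    }
} | Format-Table -AutoSize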