Powershell,Server 2012 R2 并确定密码套件是否处于活动状态
[英]Powershell, Server 2012 R2 and determine if cipher suite is active
问题描述
I have a small project where I have to query about 1800 servers on Server 2012 R2 and want to see if they have TLS 1.2 AND the specific cipher suites that I need enabled on the server AND enabled.
我有一个小项目,我必须在 Server 2012 R2 上查询大约 1800 台服务器,并想看看它们是否有 TLS 1.2 以及我需要在服务器上启用并启用的特定密码套件。
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Using Get-TlsCipherSuite in Server 2016 works as expected, but that is not available in Server 2012 R2.在 Server 2016 中使用 Get-TlsCipherSuite 按预期工作,但在 Server 2012 R2 中不可用。
For Server 2012 R2 I was trying to use this call:对于 Server 2012 R2,我试图使用这个调用:
Get-ItemPropertyValue -Path HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002 -Name Functions
But it shows that it is installed, but not it's state. I need to confirm if it is actually enabled and not just installed.但它显示它已安装,但不是 state。我需要确认它是否实际启用,而不仅仅是安装。 The above call doesn't do that, and I can not find where the 'flag' is to show that the item is enabled.上面的调用没有这样做,我找不到“标志”在哪里显示该项目已启用。
Any help would be appreciated.任何帮助,将不胜感激。
1 个解决方案
解决方案1
3 2022-03-29 16:15:28
In my use case I found that the following reliably indicated whether or not the target cipher suites were present and enabled on OS 2012r2在我的用例中,我发现以下可靠地指示目标密码套件是否存在并在 OS 2012r2 上启用
$osVer=(Get-Item "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion")
if (($osVer).GetValue('ProductName') -like "*2012*") {
Write-Host "detected OS: 2012"
$2012suites = ((Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002").Functions).split(",")
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" | ForEach-Object {
if ($_ -in $2012suites) {
Write-Host "Present: $_" -ForegroundColor Green
} else {
Write-Host "Missing: $_" -ForegroundColor Red
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.