捐血一袋救人一命

2021年3月2日 星期二

使用 PowerShell 停用不安全的 SSL 2.0 3.0 & TLS 1.0 1.1 通訊協定

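# Disable the legacy Schannel protocols SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1
# for both the Client and the Server role by writing the per-protocol registry
# values under ...\SecurityProviders\Schannel\Protocols.
#
# Operational notes:
#   - The script writes under HKLM, so run it from an elevated session.
#   - Before applying, confirm that every peer of this host (clients, services,
#     management agents) can negotiate TLS 1.2 or later; anything that cannot
#     will lose connectivity once these protocols are off.
#   - Schannel protocol settings normally take effect after a restart, so plan
#     a reboot and re-test afterwards.
$Protocols = @("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1")
$EndPoints = @("Client", "Server")
$SchannelRoot = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols"

Write-Verbose "停用 SSL 2.0 & 3.0 以及 TLS 1.0 & 1.1"

ForEach ($Protocol in $Protocols) {
    $ProtocolKey = "$SchannelRoot\$Protocol"

    # Create the keys only when missing; the Test-Path guard keeps an existing
    # key (and any values already stored in it) untouched.
    If (!(Test-Path -Path $ProtocolKey)) {
        New-Item -Path $ProtocolKey -ErrorAction Stop | Out-Null
    }

    ForEach ($EndPoint in $EndPoints) {
        $EndPointKey = "$ProtocolKey\$EndPoint"
        If (!(Test-Path -Path $EndPointKey)) {
            New-Item -Path $EndPointKey -ErrorAction Stop | Out-Null
        }

        # Write BOTH values for BOTH roles. DisabledByDefault=1 on its own only
        # removes the protocol from the default set, so an application that
        # explicitly asks for it can still negotiate it; Enabled=0 is what
        # turns the protocol off for that role.
        #
        # New-ItemProperty -Force creates the value or overwrites an existing
        # one, so no Get/Set probe is needed. (Set-ItemProperty has no
        # -PropertyType parameter; the earlier Try block always failed on
        # parameter binding and only the Catch branch ever wrote the value.)
        #
        # -ErrorAction Stop makes a failed write (for example, a non-elevated
        # session) abort the run instead of leaving the host half-hardened
        # without notice.
        New-ItemProperty -Path $EndPointKey -Name Enabled -PropertyType DWord -Value 0 -Force -ErrorAction Stop | Out-Null
        New-ItemProperty -Path $EndPointKey -Name DisabledByDefault -PropertyType DWord -Value 1 -Force -ErrorAction Stop | Out-Null
    }
}

# Verification: list what was written so the result can be checked or captured
# in a change record (shown only with -Verbose / $VerbosePreference set).
ForEach ($Protocol in $Protocols) {
    ForEach ($EndPoint in $EndPoints) {
        $Applied = Get-ItemProperty -Path "$SchannelRoot\$Protocol\$EndPoint"
        Write-Verbose ("{0}\{1}: Enabled={2} DisabledByDefault={3}" -f $Protocol, $EndPoint, $Applied.Enabled, $Applied.DisabledByDefault)
    }
}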
