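<#
Set-LegacyCipherSuite.ps1
Writes the Schannel cipher suite order policy so that legacy SQL clients can still
negotiate a suite with this host.
Run from an elevated session.

Scope: the only change made is the 'Functions' value under the SSL cipher suite order
policy key. No TLS protocol version is enabled or disabled here; on Windows that is
configured separately under
HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.

NOTE(review): this header previously described the script as reinstating TLS 1.0/1.1
compatibility while keeping TLS 1.3 disabled. The code below does neither on its own,
and the list it writes starts with two TLS 1.3 suites. Confirm the intended protocol
state and manage it explicitly.
#>

# Machine-wide policy location for the cipher suite order; a value here takes
# precedence over the local default order.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

# Order matters: Schannel prefers suites earlier in the list.
$cipherList = @(
    # TLS 1.3 suites (these only take effect where TLS 1.3 is enabled).
    'TLS_AES_256_GCM_SHA384',
    'TLS_AES_128_GCM_SHA256',
    # ECDHE + AES-GCM: forward secrecy, AEAD.
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    # Static RSA key exchange: no forward secrecy. Presumably kept for the
    # legacy clients; remove once they are retired.
    'TLS_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_RSA_WITH_AES_256_CBC_SHA256',
    'TLS_RSA_WITH_AES_128_CBC_SHA256',
    # Static RSA + CBC + SHA-1 HMAC: the weakest entries in the list.
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_AES_128_CBC_SHA'
)

# -ErrorAction Stop turns a failed registry write (for example when the session
# is not elevated) into a terminating error, so the success message below is
# never printed after a failure.
if (-not (Test-Path -Path $policyKey)) {
    New-Item -Path $policyKey -Force -ErrorAction Stop | Out-Null
}

# NOTE(review): the Group Policy "SSL Cipher Suite Order" setting normally stores
# 'Functions' as one comma-separated REG_SZ string. Confirm that Schannel honors a
# REG_MULTI_SZ at this policy path on the target OS before relying on this.
New-ItemProperty -Path $policyKey -Name 'Functions' -PropertyType MultiString -Value $cipherList -Force -ErrorAction Stop | Out-Null

Write-Host "Cipher suite order applied. Reboot required for services to pick up the change." -ForegroundColor Green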