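<#
.SYNOPSIS
Enumerates the SSL/TLS protocol versions that the client is able to negotiate with a server.
.DESCRIPTION
For every SslProtocols member except None and Default, a fresh TCP connection is opened and a
handshake restricted to that single protocol version is attempted. The first successful handshake
also captures the server's leaf certificate.

The remote certificate does NOT decide whether a handshake counts as successful: a validation
callback records any SslPolicyErrors in the CertificateErrors property and lets the handshake
continue, so a self-signed or name-mismatched certificate is reported as such instead of making
every protocol look unsupported. This is only appropriate for a scanner; do not reuse the pattern
for connections that carry data. Certificate revocation is not checked.
.INPUTS
System.String of hostname(s) to get SSL support and certificate details for.
.OUTPUTS
System.Management.Automation.PSCustomObject with certificate details and
properties indicating support for SSL protocols with the cipher algorithm used
if supported or false if not supported.
.FUNCTIONALITY
HTTP
.LINK
https://msdn.microsoft.com/library/system.security.authentication.sslprotocols.aspx
.LINK
https://msdn.microsoft.com/library/system.net.security.sslstream.authenticateasclient.aspx
.LINK
https://msdn.microsoft.com/library/system.net.security.remotecertificatevalidationcallback.aspx
.EXAMPLE
Get-SslDetails.ps1 -ComputerName www.google.com

ComputerName : www.google.com
Port : 443
KeyLength : 2048
SignatureAlgorithm : rsa-sha1
CertificateIssuer : Google Inc
CertificateExpires : 06/20/2018 06:22:00
CertificateErrors : None
Ssl2 : False
Ssl3 : False
Tls : Aes128
Tls11 : Aes128
Tls12 : Aes128
#>
#Requires -Version 3
[CmdletBinding()][OutputType([Management.Automation.PSCustomObject])] Param(
# The name of the remote computer to connect to.
[Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true)]
[Alias('CN','Hostname')][string]$ComputerName,
# The remote port to connect to.
[Parameter(ValueFromPipelineByPropertyName=$true)][int]$Port = 443,
# Milliseconds to wait for the TCP connect and for each handshake read/write; 0 waits forever.
[Parameter(ValueFromPipelineByPropertyName=$true)][ValidateRange(0,[int]::MaxValue)][int]$TimeoutMilliseconds = 10000
)
Begin
{
    # Every concrete protocol version in enum-value order (Ssl2, Ssl3, Tls, Tls11, Tls12, ...).
    # None and Default are selectors rather than versions, so they are not probed.
    $protocols = [enum]::GetNames([Security.Authentication.SslProtocols]) |Where-Object {$_ -notin 'None','Default'}
}
Process
{
    $result = [ordered]@{
        ComputerName         = $ComputerName
        Port                 = $Port
        KeyLength            = $null
        SignatureAlgorithm   = $null
        CertificateIssuer    = $null
        CertificateEffective = $null
        CertificateExpires   = $null
        CertificateErrors    = $null
        Certificate          = $null
    }
    # Filled in by the validation callback; a hashtable so the delegate can update it in place.
    $validation = @{Errors = $null}
    $onCertificate = [Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $validation['Errors'] = $sslPolicyErrors
        return $true # record rather than reject: we are measuring protocol support, not trust
    }
    # WaitOne treats 0 as "poll", so map the "no limit" setting to Infinite (-1) for the connect wait.
    $connectWait = if($TimeoutMilliseconds -gt 0) {$TimeoutMilliseconds} else {[Threading.Timeout]::Infinite}
    foreach($protocol in $protocols)
    {
        $socket = $null; $stream = $null; $ssl = $null
        try
        {
            $socket = New-Object Net.Sockets.Socket Stream,Tcp
            # Bounds the synchronous reads/writes SslStream performs during the handshake.
            $socket.ReceiveTimeout = $TimeoutMilliseconds
            $socket.SendTimeout = $TimeoutMilliseconds
            # Socket.Connect has no timeout of its own, so bound it via the async form.
            $pending = $socket.BeginConnect($ComputerName, $Port, $null, $null)
            if(!$pending.AsyncWaitHandle.WaitOne($connectWait)) {throw "Timed out connecting to ${ComputerName}:$Port"}
            $socket.EndConnect($pending)
            $stream = New-Object Net.Sockets.NetworkStream $socket,$true
            # leaveInnerStreamOpen=$false so disposing the SslStream cascades to the stream and socket.
            $ssl = New-Object Net.Security.SslStream $stream,$false,$onCertificate
            # Offer exactly one protocol version; a rejection surfaces as an exception.
            # The final $false skips revocation checking (a network round trip that fails offline).
            $ssl.AuthenticateAsClient($ComputerName,$null,$protocol,$false)
            if(!$result['Certificate'])
            {
                [Security.Cryptography.X509Certificates.X509Certificate2]$cert = $ssl.RemoteCertificate
                # PublicKey.Key throws for keys it cannot wrap (e.g. ECDSA on .NET Framework);
                # a missing key length must not be reported as "protocol unsupported".
                try {$result['KeyLength'] = $cert.PublicKey.Key.KeySize}
                catch {Write-Verbose "Could not read key size for $($cert.PublicKey.Oid.FriendlyName) key: $_"}
                $result['SignatureAlgorithm'] = $cert.SignatureAlgorithm.FriendlyName
                $result['CertificateIssuer'] = $cert.GetNameInfo('SimpleName', $true)
                $result['CertificateEffective'] = $cert.NotBefore
                $result['CertificateExpires'] = $cert.NotAfter
                $result['CertificateErrors'] = $validation['Errors']
                $result['Certificate'] = $cert
            }
            $result[$protocol] = $ssl.CipherAlgorithm
        }
        catch
        {
            # Connection failures and protocol rejections both land here; the reason is only
            # visible with -Verbose so that unreachable hosts are distinguishable from old servers.
            Write-Verbose "${ComputerName}:$Port ${protocol}: $($_.Exception.GetBaseException().Message)"
            $result[$protocol] = $false
        }
        finally
        {
            if($ssl) {$ssl.Dispose()}
            if($stream) {$stream.Dispose()}
            if($socket) {$socket.Dispose()}
        }
    }
    [pscustomobject]$result
}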