Last active
January 17, 2022 14:44
-
-
Save BarelyAliveMau5/25e96af6eddd55fcd81c1d1729437176 to your computer and use it in GitHub Desktop.
This script can be used to disable unsafe ciphers as of 2022-01-17 - made for Windows Server 2016.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| #Requires -Version 5 | |
| # refer to: https://docs.microsoft.com/en-us/answers/questions/166697/disable-weak-cipher-suits-with-windows-server-2016.html | |
| # archived version: https://web.archive.org/web/20220117144405/https://docs.microsoft.com/en-us/answers/questions/166697/disable-weak-cipher-suits-with-windows-server-2016.html | |
| @("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", | |
| "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", | |
| "TLS_RSA_WITH_AES_256_GCM_SHA384", | |
| "TLS_RSA_WITH_AES_128_GCM_SHA256", | |
| "TLS_RSA_WITH_AES_256_CBC_SHA256", | |
| "TLS_RSA_WITH_AES_128_CBC_SHA256", | |
| "TLS_RSA_WITH_AES_256_CBC_SHA", | |
| "TLS_RSA_WITH_AES_128_CBC_SHA", | |
| "TLS_RSA_WITH_3DES_EDE_CBC_SHA", | |
| "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", | |
| "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", | |
| "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", | |
| "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", | |
| "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", | |
| "TLS_RSA_WITH_RC4_128_SHA", | |
| "TLS_RSA_WITH_RC4_128_MD5", | |
| "TLS_RSA_WITH_NULL_SHA256", | |
| "TLS_RSA_WITH_NULL_SHA", | |
| "TLS_PSK_WITH_AES_256_GCM_SHA384", | |
| "TLS_PSK_WITH_AES_128_GCM_SHA256", | |
| "TLS_PSK_WITH_AES_256_CBC_SHA384", | |
| "TLS_PSK_WITH_AES_128_CBC_SHA256", | |
| "TLS_PSK_WITH_NULL_SHA384", | |
| "TLS_PSK_WITH_NULL_SHA256").ForEach({ | |
| Disable-TlsCipherSuite -Name $_ | |
| }) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment