Last year, Microsoft published an advisory about a vulnerability in Schannel where weak/insecure ciphers were used in TLS sessions. More recently Microsoft also published an Update to add new cipher suites to Internet Explorer and Microsoft Edge in Windows.
In the above advisory, they introduced a GPO setting where you can set a new cipher suite order. Nice, I love it.
But wait, without that GPO setting,…
- How do I know what is the order of ciphers being used?
The question was answered on this stackoverflow.com forum page.
Unfortunately it doesn’t work with PowerShell 2.0 (default version) on Windows 7 and I get the following error
- What about newer systems?
The code proposed on the stackoverflow.com forum page works in Windows 8.1 and PowerShell 4.0. There’s also a module called TLS but it doesn’t have the Get-TlsCipherSuite cmdlet 😦
On Windows 10, you’ve got more in the TLS module and the Get-TlsCipherSuite cmdlet is available 🙂
On Windows 10 to get the order of ciphers, you simply do
- How can I get the order of ciphers whatever the operating system and its version of PowerShell?
I’ve slightly changed the code proposed on the stackoverflow.com forum page: line 49 replaced by 48 😎
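An added example, not the author's modified script or the Stack Overflow code: one way to answer the question above on any of these systems, down to PowerShell 2.0, is to read the configured order from the registry. The function name `Get-CipherSuiteOrder` is hypothetical, and the example assumes the standard Schannel locations: a comma-separated `Functions` string under the Policies key when the GPO setting is used, and a multi-string `Functions` value under the local configuration key otherwise.

```powershell
# Added example: Get-CipherSuiteOrder is a hypothetical name, not from the original post.
function Get-CipherSuiteOrder {
    # Order set by the GPO setting: one REG_SZ string, comma-separated.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
    # Local default order: REG_MULTI_SZ, one suite per entry.
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

    # 1. A GPO-configured order overrides the local default, so check it first.
    $policy = (Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue).Functions
    if ($policy) {
        $suites = @($policy -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        return New-Object PSObject -Property @{ Source = 'GPO'; Suites = $suites }
    }

    # 2. No GPO: use the TLS module cmdlet where it exists (Windows 10).
    if (Get-Command -Name Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
        $suites = @(Get-TlsCipherSuite | ForEach-Object { $_.Name })
        return New-Object PSObject -Property @{ Source = 'Get-TlsCipherSuite'; Suites = $suites }
    }

    # 3. Older systems (Windows 7 / PowerShell 2.0, Windows 8.1): read the local list.
    $local = (Get-ItemProperty -Path $localKey -Name Functions -ErrorAction SilentlyContinue).Functions
    if ($local) {
        return New-Object PSObject -Property @{ Source = 'Local registry'; Suites = @($local) }
    }

    Write-Warning 'No cipher suite order found in the registry.'
}

# Print the suites with their position in the order.
$result = Get-CipherSuiteOrder
if ($result) {
    "Source: $($result.Source)"
    $i = 0
    foreach ($suite in $result.Suites) {
        $i++
        '{0,3}  {1}' -f $i, $suite
    }
}
```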
Documented cipher suites per OS
Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows