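<#
.Synopsis
Test the SSL and TLS protocols on a remote server.
.DESCRIPTION
Validate which SSL and TLS protocols are enabled or disabled on remote systems and ports.
One TCP connection is opened per computer, port and protocol, and a handshake restricted
to that single protocol is attempted.

'Enabled' means the handshake completed. 'Disabled' is reported for ANY handshake failure,
including the case where the local .NET runtime or operating system cannot offer the
requested protocol at all. Before treating 'Disabled' as evidence about the server, confirm
that this client can negotiate the protocol; run with -Verbose to see the failure reason.

The server certificate is deliberately not validated, so an expired, self-signed or
mismatched certificate does not affect the result.
.PARAMETER ComputerName
Specify the DNS name or IP address of the server you want to query.
.PARAMETER Port
Specify the port of the destination server. Defaults to 443.
.PARAMETER Protocol
Specify the protocols to test: ssl2, ssl3, tls, tls11, tls12, tls13. Defaults to all of them.
.EXAMPLE
Test-NetSslProtocol -ComputerName www.google.com -Port 443
.EXAMPLE
Test-NetSslProtocol -IP 8.8.8.8 -Port 853
.OUTPUTS
PSCustomObject with the properties ComputerName, Port, Protocol and ProtocolStatus.
.NOTES
Created by: Jason Wasser
Modified: 11/10/2020
Reconciled use of $TCPClient and $TcpSocket
Comments added at change locations for integration
#>
function Test-NetSslProtocol {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory, ValueFromPipeline)]
        [Alias('IP')]
        [string[]]$ComputerName,
        [int[]]$Port = 443,
        [ValidateSet('ssl2', 'ssl3', 'tls', 'tls11', 'tls12', 'tls13')]
        [string[]]$Protocol = ('ssl2', 'ssl3', 'tls', 'tls11', 'tls12', 'tls13')
    )
    begin {
        # A shared TcpClient used to be created here; it was never used, because
        # every probe needs its own connection.
        #$TCPClient = New-Object -TypeName System.Net.Sockets.TCPClient
    }
    process {
        foreach ($Computer in $ComputerName) {
            foreach ($CurrentPort in $Port) {
                foreach ($CurrentProtocol in $Protocol) {
                    # Report the port being probed, not the whole -Port array.
                    Write-Verbose "Testing $CurrentProtocol on ${Computer}:$CurrentPort"

                    # Reset per-probe state so a failed connect can neither reuse the
                    # previous iteration's socket nor emit a stale status.
                    $ProtocolStatus = $null
                    $TcpSocket = $null
                    try {
                        $TcpSocket = New-Object -TypeName System.Net.Sockets.TcpClient -ArgumentList $Computer, $CurrentPort
                        $tcpstream = $TcpSocket.GetStream()

                        # Accept any certificate: the probe only records whether the
                        # handshake completes for this protocol, so certificate trust is
                        # intentionally not evaluated. Do not reuse this stream setup for
                        # code that actually exchanges data.
                        # The first parameter is named $caller because $sender is a
                        # PowerShell automatic variable.
                        $Callback = { param($caller, $cert, $chain, $errors) return $true }

                        # $True = leave the inner stream open; the TcpClient owns and closes it.
                        $SSLStream = New-Object -TypeName System.Net.Security.SSLStream -ArgumentList @($tcpstream, $True, $Callback)
                        try {
                            # Arguments: target host, no client certificates, the single
                            # protocol under test, no certificate revocation check.
                            $SSLStream.AuthenticateAsClient($Computer, $null, $CurrentProtocol, $false)
                            $ProtocolStatus = 'Enabled'
                        }
                        catch {
                            # Any failure lands here, including a protocol the local client
                            # cannot offer. Surface the reason so a 'Disabled' result can
                            # be told apart from a client-side limitation.
                            Write-Verbose "$CurrentProtocol handshake with ${Computer}:$CurrentPort failed: $($_.Exception.Message)"
                            $ProtocolStatus = 'Disabled'
                        }
                        finally {
                            $SSLStream.Dispose()
                        }
                    }
                    catch {
                        Write-Warning "Unable to connect to ${Computer}:$CurrentPort"
                        # The port is unreachable; skip the remaining protocols for it.
                        break
                    }
                    finally {
                        # $TcpSocket is still $null when the connection attempt itself threw.
                        if ($null -ne $TcpSocket) {
                            $TcpSocket.Dispose()
                        }
                    }

                    if ($ProtocolStatus) {
                        [PSCustomObject]@{
                            ComputerName   = $Computer
                            Port           = $CurrentPort
                            Protocol       = $CurrentProtocol
                            ProtocolStatus = $ProtocolStatus
                        }
                    }
                }
            }
        }
    }
    end { }
}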