赞
踩
如何使用 Windows PowerShell 禁用传输层安全性 (TLS) 和安全套接字层 (SSL) 协议的弱版本。当然,在禁用弱版本的 SSL / TSL 协议之前,您需要确保可以在您的系统上使用 TLS 1.2 协议。
Windows 操作系统兼容的协议
系统与版本 TLS 1.2 兼容
启用 TLS 1.2
New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' ` -name 'Enabled' ` -value '1' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' ` -name 'DisabledByDefault' ` -value 0 ` -PropertyType 'DWord' ` -Force ` | Out-Null New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' ` -name 'Enabled' ` -value '1' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' ` -name 'DisabledByDefault' ` -value 0 ` -PropertyType 'DWord' ` -Force ` | Out-Null Write-Host 'TLS 1.2 has been enabled.'
禁用 SSL 2.0 和 SSL 3.0
New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' ` -name 'Enabled' ` -value '0' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' ` -name 'DisabledByDefault' ` -value 1 ` -PropertyType 'DWord' ` -Force ` | Out-Null New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' ` -name 'Enabled' ` -value '0' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client' ` -name 'DisabledByDefault' ` -value 1 ` -PropertyType 'DWord' ` -Force ` | Out-Null Write-Host 'SSL 2.0 has been disabled.'
禁用 SSL v3.0
New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' ` -name 'Enabled' ` -value '0' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' ` -name 'DisabledByDefault' ` -value 1 ` -PropertyType 'DWord' ` -Force ` | Out-Null New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' ` -name 'Enabled' ` -value '0' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client' ` -name 'DisabledByDefault' ` -value 1 ` -PropertyType 'DWord' ` -Force ` | Out-Null Write-Host 'SSL 3.0 has been disabled.'
禁用 TLS 1.0 和 1.1
New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' ` -name 'Enabled' ` -value '0' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' ` -name 'DisabledByDefault' ` -value 1 ` -PropertyType 'DWord' ` -Force ` | Out-Null New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' ` -name 'Enabled' ` -value '0' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client' ` -name 'DisabledByDefault' ` -value 1 ` -PropertyType 'DWord' ` -Force ` | Out-Null Write-Host 'TLS 1.0 has been disabled.'
禁用 TLS 1.1
New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' ` -name 'Enabled' ` -value '0' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' ` -name 'DisabledByDefault' ` -value 1 ` -PropertyType 'DWord' ` -Force ` | Out-Null New-Item ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' ` -name 'Enabled' ` -value '0' ` -PropertyType 'DWord' ` -Force ` | Out-Null New-ItemProperty ` -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client' ` -name 'DisabledByDefault' ` -value 1 ` -PropertyType 'DWord' ` -Force ` | Out-Null Write-Host 'TLS 1.1 has been disabled.'
重启生效
ref
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。