You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Gal Szkolnik 94f8181f54 Advanced xml to version 0.72 2 years ago
.gitignore First commit 2 years ago
README.md Code cleanup - per VS Code best behaviors (PROBLEMS pane) 2 years ago
ReadinessChecklist.xml Advanced xml to version 0.72 2 years ago
tlscheck.ps1 Advanced xml to version 0.72 2 years ago

README.md

TLS Readiness Check

A comprehensive set of tests to validate whether system is TLS 1.2 ready, along with tools and references to make system changes as easy as possible.

PREREQUISITE:

  • This will work with PowerShell versions 4 or 5.
    ( Will NOT work with PowerShell 6 a.k.a. PowerShell Core )

Online one-liner

On a Server with Internet Access, execute the following command line:

From the Run dialog [Win]+[R] (or from within cmd.exe or PowerShell Core pwsh.exe):

powershell -NoLogo -NoExit -Command "[Net.ServicePointManager]::SecurityProtocol = 'tls12'; $Max=1; iex (iwr -Uri 'https://code.lksz.me/varonis/tlscheck/raw/branch/master/tlscheck.ps1' -UseB | select -Exp Content)"

From a PowerShell prompt:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-Expression (Invoke-WebRequest -Uri 'https://code.lksz.me/varonis/tlscheck/raw/branch/master/tlscheck.ps1' -UseBasicParsing | Select-Object -ExpandProperty Content)

Offline use

For offline use, first download+ the script (tlscheck.ps1) and the XML (ReadinessChecklist.xml) files.
+ Make sure you use the RAW view of the file to save it, or just Right-Click -> Save from the link mentioned here.

Then run the script from the command prompt:

# * Required to prevent script from being considered 'Remote' when Execution-Policy is set to RemoteSigned
Unblock-File .\tlscheck.ps1
.\tlscheck.ps1

You might get an Execution Policy error:

...\tlscheck.ps1 cannot be loaded. The file C:\varonis\tlscheck.ps1 is not digitally signed. You cannot run this script on the current system.

or

...\tlscheck.ps1 cannot be loaded because running scripts is disabled on this system.

The complete error will look something like:

.\tlscheck.ps1 : File ...\tlscheck.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170. At line:1 char:1

  • .\tlscheck.ps1
  •   + CategoryInfo          : SecurityError: (:) [], PSSecurityException
      + FullyQualifiedErrorId : UnauthorizedAccess
    

If this is the case, you will need to change the `ExecutionPolicy` to `RemoteSigned`*, `Unrestricted` or `Bypass`. It's recommend you make the change in the `Process` ***scope*** only.

```powershell
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
. .\tlscheck.ps1

Alternatively (as a “workaround hack”) you can load the code dynamically into a string, and invoke it with Invoke-Expression :

Invoke-Expression $(Get-Content .\tlscheck.ps1 | Out-String)