Test‑TlsNegotiation
Tests which TLS/SSL protocols can be negotiated with a target host/port.
Test-TlsNegotiation [[-HostName] <String>] [[-Port] <UInt16>] [-Protocol <SslProtocols[]>]
[-TimeoutSeconds <UInt32>] [<CommonParameters>]
Test-TlsNegotiation attempts to establish a TCP connection to the
specified HostName and Port, then performs a TLS/SSL handshake using
each protocol provided in -Protocol.
It uses System.Net.Security.SslStream and ignores certificate validation errors on purpose (the goal is to test protocol support, not certificate trust).
For each attempted protocol, the function returns an object indicating whether the handshake succeeded, and if so, which protocol and cipher suite were negotiated.
Test-TlsNegotiation -HostName localhost
Attempts each protocol against localhost using default port 443 and returns the results.
Test-TlsNegotiation -HostName localhost -Port 1433
Attempts each protocol against localhost:1433 and returns the results.
Test-TlsNegotiation -HostName localhost -Port 1433 | Format-Table -AutoSize
Attempts each protocol against localhost:1433 and displays results in a formatted table.
Test-TlsNegotiation -HostName sql01.contoso.com -Port 1433 -Verbose
Tests protocol negotiation against sql01.contoso.com:1433 and prints each attempt via -Verbose.
Test-TlsNegotiation -HostName webserver.contoso.com -Port 443 -Protocol Tls12, Tls13
Tests only TLS 1.2 and TLS 1.3 negotiation against a web server on port 443.
The DNS name or IP address of the target host. Default is 'localhost'.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: Localhost
Accept pipeline input: False
Accept wildcard characters: False

The TCP port to connect to. Default is 443.
Type: UInt16
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: 443
Accept pipeline input: False
Accept wildcard characters: False

One or more protocol names to attempt. Accepts values from the [System.Security.Authentication.SslProtocols] enum such as Ssl2, Ssl3, Tls, Tls11, Tls12, Tls13. If not specified, all supported protocols are attempted.
Type: SslProtocols[]
Parameter Sets: (All)
Aliases:
Accepted values: None, Ssl2, Ssl3, Tls, Default, Tls11, Tls12, Tls13
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Connection timeout in seconds for the TCP connect attempt. Default is 5.
Type: UInt32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 5
Accept pipeline input: False
Accept wildcard characters: False

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Certificate validation is intentionally bypassed to focus solely on protocol support. TLS 1.3 availability depends on OS and .NET runtime.
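
The per-protocol probe described above (TCP connect with a timeout, then an SslStream handshake restricted to one protocol with certificate errors ignored), sketched as an added example that is not the module's own source. The function name `Test-TlsHandshakeSketch` and the output property names are assumptions made for illustration.

```powershell
# Added illustration; not the module's source. Function and property names are hypothetical.
function Test-TlsHandshakeSketch {
    [CmdletBinding()]
    param(
        [string]$HostName = 'localhost',
        [uint16]$Port = 443,
        [System.Security.Authentication.SslProtocols[]]$Protocol = @('Tls12', 'Tls13'),
        [uint32]$TimeoutSeconds = 5
    )
    # Accept any certificate: only protocol support is being measured, not trust.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }

    foreach ($p in $Protocol) {
        # A failed handshake leaves the stream unusable, so each protocol gets a fresh TCP connection.
        $client = [System.Net.Sockets.TcpClient]::new()
        $ssl = $null
        $result = [ordered]@{
            HostName = $HostName; Port = $Port; Attempted = $p
            Success = $false; Negotiated = $null; CipherSuite = $null; Error = $null
        }
        try {
            if (-not $client.ConnectAsync($HostName, [int]$Port).Wait([int]$TimeoutSeconds * 1000)) {
                throw "TCP connect timed out after $TimeoutSeconds s"
            }
            $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAny)
            # Offer exactly one protocol version; revocation checking is off.
            $ssl.AuthenticateAsClient($HostName, $null, $p, $false)
            $result.Success = $true
            $result.Negotiated = $ssl.SslProtocol
            # NegotiatedCipherSuite exists on .NET Core 3.0+; it stays empty on Windows PowerShell 5.1.
            $result.CipherSuite = $ssl.NegotiatedCipherSuite
        }
        catch {
            # A failure can mean the server refused the protocol or the local OS/runtime does not offer it.
            $result.Error = $_.Exception.GetBaseException().Message
        }
        finally {
            if ($ssl) { $ssl.Dispose() }
            $client.Dispose()
        }
        [pscustomobject]$result
    }
}

Test-TlsHandshakeSketch -HostName localhost -Port 443 | Format-Table -AutoSize
```

Because a failed row can reflect the client side rather than the server, confirm an unexpected failure from a second host or runtime before recording the protocol as disabled on the target.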