TLS version Check

Hi

How do I check the TLS version on all our Windows servers?
Is it possible to find the TLS versions (1.0, 1.1, 1.2 or 1.3) with BigFix Web Reports?

Regards
AK

I created the relevance below based on this MS link, which can assist in determining whether the TLS versions key is listed and enabled or disabled.

You can expand it to suit your needs, but the process remains the same.

Q: if (name of operating system does not contain "Win") then "N/A" else ((if not exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" of native registry then "TLS 1.0: Key Not Found" else if ((value "Enabled" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" of native registry) = "1" AND (value "DisabledByDefault" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" of native registry) = "0") then "TLS 1.0: Enabled" else "TLS 1.0: Disabled") as string) & " || " & ((if not exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" of native registry then "TLS 1.1: Key Not Found" else if ((value "Enabled" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" of native registry) = "1" AND (value "DisabledByDefault" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" of native registry) = "0") then "TLS 1.1: Enabled" else "TLS 1.1: Disabled") as string) & " || " & ((if not exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" of native registry then "TLS 1.2: Key Not Found" else if ((value "Enabled" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" of native registry) = "1" AND (value "DisabledByDefault" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" of native registry) = "0") then "TLS 1.2: Enabled" else "TLS 1.2: Disabled") as string)
A: TLS 1.0: Disabled || TLS 1.1: Disabled || TLS 1.2: Key Not Found
T: 0.675 ms
I: singular string

After adding it as a Retrieved Property in the BigFix Console, you can use it straight from the Console, WebUI, or Web Reports.

Thank you

I will check the same.

Hi

Can you provide the steps for where I should create this relevance: in a new fixlet or in an analysis?

Hi Khurava,

I have created it and get results like the ones below:

Hostname ip address ostype TLS 1.0: Disabled || TLS 1.1: Disabled || TLS 1.2: Disabled

Does this mean all TLS versions (1.0, 1.1, 1.2) are disabled on the host?

Regards
AK

Hi Khurava,

It would be better if we could show the results in the following form, which would really help me understand them:
TLS version 1.0 - Hostnames
TLS version 1.1 - Hostnames
TLS version 1.2 - Hostnames

Regards
AK
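The per-version grouping asked for above can be built from an export of the property results. This is an added example, not part of the original thread or of BigFix: the CSV column names and host data are constructed assumptions, and "Key Not Found" is kept as its own bucket because a missing SCHANNEL key means the OS default applies, not that the protocol is disabled.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; column names are assumptions, not a BigFix format.
SAMPLE_CSV = """hostname,ip,os,tls_property
srv-app01,10.0.0.11,Win2016,TLS 1.0: Disabled || TLS 1.1: Disabled || TLS 1.2: Key Not Found
srv-db02,10.0.0.12,Win2012R2,TLS 1.0: Enabled || TLS 1.1: Enabled || TLS 1.2: Enabled
srv-web03,10.0.0.13,Win2019,TLS 1.0: Disabled || TLS 1.1: Disabled || TLS 1.2: Disabled
lnx-log04,10.0.0.14,Linux,N/A
"""

# One " || "-separated segment of the property result from the thread.
SEGMENT = re.compile(r"^TLS (\d\.\d): (Enabled|Disabled|Key Not Found)$")


def parse_property(result):
    """Split one property result into {version: state}; {} for N/A or junk."""
    states = {}
    for part in result.split("||"):
        m = SEGMENT.match(part.strip())
        if m:
            states[m.group(1)] = m.group(2)
    return states


def pivot(csv_text):
    """Return {version: {state: [hostnames]}} from the CSV export."""
    table = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(csv_text)):
        for version, state in parse_property(row["tls_property"]).items():
            table[version][state].append(row["hostname"])
    return table


def report(table):
    """Render 'TLS version X - state: hosts' lines, skipping empty buckets."""
    lines = []
    for version in sorted(table):
        for state in ("Enabled", "Disabled", "Key Not Found"):
            hosts = table[version].get(state, [])
            if hosts:
                lines.append(f"TLS version {version} - {state}: {', '.join(hosts)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(pivot(SAMPLE_CSV))))
```

The relevance in this thread reads only the `Client` subkey, so this grouping describes outbound connections; inbound (server-side) settings live under the matching `Server` subkey and need their own property.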

Each machine’s results will be displayed by that RP; if the results indicate that TLS 1.X is found but disabled on a machine according to the detection criteria, then indeed it is.

Please Note: In my previous post, I shared an MS link. However, to ensure better understanding and clarity, you should verify it with your Windows, Wintel, or Windows administrator.