Check the cipher suites supported by the Windows system

Source: Internet
Author: User
Tags: cipher suite


On Windows 10 clients and Windows Server 2016 servers, you can use PowerShell commands to obtain the list of supported cipher suites and to enable or disable individual cipher suites.

# Command reference: https://technet.microsoft.com/zh-cn/library/dn931990.aspx
# Windows 10 / Server 2016: list the cipher suites supported by the system
Get-TlsCipherSuite | ft Name
# Windows 10 / Server 2016: enable a cipher suite
Enable-TlsCipherSuite -Name "<cipher suite name>"
# Windows 10 / Server 2016: disable a cipher suite
Disable-TlsCipherSuite -Name "<cipher suite name>"
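
An added example (not from the original post or from Microsoft's documentation): a PowerShell filter that flags weak suites by name, so the list can be audited before anything is disabled. The function name Find-WeakCipherSuite and its pattern list are assumptions for illustration, and the sample suite names are constructed input.

```powershell
# Added example. Find-WeakCipherSuite and its pattern list are illustrative
# assumptions, not a Microsoft-published list.
function Find-WeakCipherSuite {
    [CmdletBinding()]
    param(
        # Accepts plain strings or objects with a Name property
        # (such as the output of Get-TlsCipherSuite).
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$Name
    )
    begin {
        # Ordered: the first matching rule supplies the reported reason.
        $rules = [ordered]@{
            '_NULL_'  = 'no encryption'
            'EXPORT'  = 'export-grade key length'
            '_RC4_'   = 'RC4 stream cipher'
            '_3?DES_' = 'DES/3DES (64-bit block cipher)'
            '_MD5$'   = 'MD5 MAC'
        }
    }
    process {
        foreach ($pattern in $rules.Keys) {
            if ($Name -match $pattern) {
                [pscustomobject]@{ Name = $Name; Reason = $rules[$pattern] }
                break
            }
        }
    }
}

# Constructed sample input so the filter can be tried on any machine.
$sample = @(
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
    'TLS_RSA_WITH_RC4_128_SHA'
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
    'RSA_EXPORT1024_DES_CBC_SHA'
    'TLS_RSA_WITH_NULL_SHA256'
)
$sample | Find-WeakCipherSuite | Format-Table -AutoSize

# Windows 10 / Server 2016 and later: audit the live list, then preview the
# removals. -WhatIf reports what would be disabled without changing anything.
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    Get-TlsCipherSuite | Find-WeakCipherSuite |
        ForEach-Object { Disable-TlsCipherSuite -Name $_.Name -WhatIf }
}
```

Because the filter also accepts plain strings, suite names printed by an enumerator program on an older system can be piped into it line by line.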

In versions earlier than Windows Server 2016, Microsoft did not provide PowerShell commands for obtaining the list of cipher suites, but C++ code is provided on MSDN.

Link: https://msdn.microsoft.com/en-us/library/windows/desktop/bb870930(v=vs.85).aspx

#include <stdio.h>
#include <windows.h>
#include <bcrypt.h>

// Link with bcrypt.lib.
int main(void)
{
    HRESULT Status = ERROR_SUCCESS;
    DWORD   cbBuffer = 0;
    PCRYPT_CONTEXT_FUNCTIONS pBuffer = NULL;

    // Enumerate the Schannel cipher suites in the local-machine "SSL" context.
    Status = BCryptEnumContextFunctions(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        &cbBuffer,
        &pBuffer);
    if (FAILED(Status))
    {
        printf_s("\n**** Error 0x%x returned by BCryptEnumContextFunctions\n", Status);
        goto Cleanup;
    }

    if (pBuffer == NULL)
    {
        printf_s("\n**** Error pBuffer returned from BCryptEnumContextFunctions is null");
        goto Cleanup;
    }

    printf_s("\n\n Listing Cipher Suites ");
    for (UINT index = 0; index < pBuffer->cFunctions; ++index)
    {
        printf_s("\n%S", pBuffer->rgpszFunctions[index]);
    }

Cleanup:
    // The buffer was allocated by BCryptEnumContextFunctions and must be freed.
    if (pBuffer != NULL)
    {
        BCryptFreeBuffer(pBuffer);
    }
    return 0;
}
Obtain the list of cipher suites
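#include <stdio.h>
#include <windows.h>
#include <bcrypt.h>

// Link with bcrypt.lib.
int main(void)
{
    SECURITY_STATUS Status = ERROR_SUCCESS;
    // Suite name as given in the sample. Export-grade DES is weak, so
    // substitute the suite you actually want at the top of the priority list.
    LPCWSTR wszCipher = L"RSA_EXPORT1024_DES_CBC_SHA";

    Status = BCryptAddContextFunction(
                CRYPT_LOCAL,
                L"SSL",
                NCRYPT_SCHANNEL_INTERFACE,
                wszCipher,
                CRYPT_PRIORITY_TOP);
    if (FAILED(Status))
    {
        printf_s("\n**** Error 0x%x returned by BCryptAddContextFunction\n", Status);
    }
    return 0;
}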
Add a cipher suite to the top priority
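#include <stdio.h>
#include <windows.h>
#include <bcrypt.h>

// Link with bcrypt.lib.
int main(void)
{
    SECURITY_STATUS Status = ERROR_SUCCESS;
    // Suite to remove from the local-machine Schannel configuration.
    LPCWSTR wszCipher = L"TLS_RSA_WITH_RC4_128_SHA";

    Status = BCryptRemoveContextFunction(
                CRYPT_LOCAL,
                L"SSL",
                NCRYPT_SCHANNEL_INTERFACE,
                wszCipher);
    if (FAILED(Status))
    {
        printf_s("\n**** Error 0x%x returned by BCryptRemoveContextFunction\n", Status);
    }
    return 0;
}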
Delete a cipher suite

On Stack Overflow, someone ported the code for getting the cipher suite list to C#. It can then be compiled into an exe using a PowerShell compiler and called directly from the cmd console on other machines.

Stack Overflow link: https://stackoverflow.com/questions/19695623/how-to-call-schannel-functions-from-net-c

using System;
using System.Text;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
    class Program
    {
        [DllImport("Bcrypt.dll", CharSet = CharSet.Unicode)]
        static extern uint BCryptEnumContextFunctions(uint dwTable, string pszContext, uint dwInterface, ref uint pcbBuffer, ref IntPtr ppBuffer);

        [DllImport("Bcrypt.dll")]
        static extern void BCryptFreeBuffer(IntPtr pvBuffer);

        [DllImport("Bcrypt.dll", CharSet = CharSet.Unicode)]
        static extern uint BCryptAddContextFunction(uint dwTable, string pszContext, uint dwInterface, string pszFunction, uint dwPosition);

        [DllImport("Bcrypt.dll", CharSet = CharSet.Unicode)]
        static extern uint BCryptRemoveContextFunction(uint dwTable, string pszContext, uint dwInterface, string pszFunction);

        [StructLayout(LayoutKind.Sequential)]
        public struct CRYPT_CONTEXT_FUNCTIONS
        {
            public uint cFunctions;
            public IntPtr rgpszFunctions;
        }

        const uint CRYPT_LOCAL = 0x00000001;
        const uint NCRYPT_SCHANNEL_INTERFACE = 0x00010002;
        const uint CRYPT_PRIORITY_TOP = 0x00000000;
        const uint CRYPT_PRIORITY_BOTTOM = 0xFFFFFFFF;

        public static void DoStuff()
        {
            uint cbBuffer = 0;
            IntPtr ppBuffer = IntPtr.Zero;
            uint Status = BCryptEnumContextFunctions(
                    CRYPT_LOCAL,
                    "SSL",
                    NCRYPT_SCHANNEL_INTERFACE,
                    ref cbBuffer,
                    ref ppBuffer);
            if (Status == 0)
            {
                CRYPT_CONTEXT_FUNCTIONS functions = (CRYPT_CONTEXT_FUNCTIONS)Marshal.PtrToStructure(ppBuffer, typeof(CRYPT_CONTEXT_FUNCTIONS));
                // Print the number of suites, then each suite name.
                Console.WriteLine(functions.cFunctions);
                // rgpszFunctions points to an array of pointers to Unicode strings.
                IntPtr pStr = functions.rgpszFunctions;
                for (int i = 0; i < functions.cFunctions; i++)
                {
                    Console.WriteLine(Marshal.PtrToStringUni(Marshal.ReadIntPtr(pStr)));
                    pStr += IntPtr.Size;
                }
                BCryptFreeBuffer(ppBuffer);
            }
        }

        static void Main(string[] args)
        {
            DoStuff();
            Console.ReadLine();
        }
    }
}
Cipher Suite list

OpenSSL can also list cipher suites (this shows the suites available in OpenSSL itself, not the Windows Schannel configuration):

openssl ciphers -v

 

Microsoft also provides a list of default enabled cipher suites and corresponding settings for each operating system version.

List of supported cipher suites for each operating system: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

TLS/SSL settings: https://technet.microsoft.com/zh-cn/library/dn786418%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396#BKMK_SchannelTR_SSL30
