检查windows系统支持的密码套件
Windows 10 客户端及 Windows Server 2016 服务器可以使用 PowerShell 命令获取系统支持的密码套件列表,并启用或禁用相应的密码套件。
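# Cmdlet reference: https://technet.microsoft.com/zh-cn/library/dn931990.aspx
#
# The three commands were collapsed onto one line in the page, so everything
# after the first '#' was swallowed as a comment. They are restored here as
# separate statements.

# Windows 10 / Windows Server 2016: list the names of the TLS cipher suites
# currently enabled for Schannel on this machine.
Get-TlsCipherSuite | Format-Table Name

# Windows 10 / Windows Server 2016: enable a cipher suite.
# -Name is an empty template value; fill in a suite name exactly as printed by
# Get-TlsCipherSuite. This changes the machine-wide Schannel configuration, so
# run it from an elevated session and record the previous list first.
Enable-TlsCipherSuite -Name ""

# Windows 10 / Windows Server 2016: disable a cipher suite.
# Same template as above. Re-run Get-TlsCipherSuite afterwards to confirm the
# suite is gone.
Disable-TlsCipherSuite -Name ""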
Windows Server 2016 之前的版本,微软并没有给出相应的 PowerShell 命令来获取密码套件列表,但在 MSDN 上给出了 C++ 代码(下面三段代码依次为:枚举、添加、移除密码套件):
msdn链接:https://msdn.microsoft.com/en-us/library/windows/desktop/bb870930(v=vs.85).aspx
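// Lists the cipher suites registered for the Schannel "SSL" context in the
// local CNG configuration table, one name per line.
// Build note: link against bcrypt.lib.
#include <stdio.h>
#include <windows.h>
#include <bcrypt.h>

// Returns 0 when the list was printed, 1 when enumeration failed.
int main()
{
    // BCryptEnumContextFunctions returns an NTSTATUS, not an HRESULT.
    NTSTATUS Status;
    DWORD cbBuffer = 0;
    // Passing a NULL buffer pointer lets the API allocate the result itself;
    // that allocation must be released with BCryptFreeBuffer.
    PCRYPT_CONTEXT_FUNCTIONS pBuffer = NULL;
    int exitCode = 1;

    Status = BCryptEnumContextFunctions(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        &cbBuffer,
        &pBuffer);

    if (!BCRYPT_SUCCESS(Status))
    {
        printf_s("\n**** Error 0x%x returned by BCryptEnumContextFunctions\n", (unsigned int)Status);
    }
    else if (pBuffer == NULL)
    {
        printf_s("\n**** Error pBuffer returned from BCryptEnumContextFunctions is null");
    }
    else
    {
        printf_s("\n\n Listing Cipher Suites ");
        // rgpszFunctions is an array of cFunctions wide-string pointers;
        // %S prints a wide string in the Microsoft CRT.
        for (UINT index = 0; index < pBuffer->cFunctions; ++index)
        {
            printf_s("\n%S", pBuffer->rgpszFunctions[index]);
        }
        exitCode = 0;
    }

    // Single cleanup point for every path above.
    if (pBuffer != NULL)
    {
        BCryptFreeBuffer(pBuffer);
    }
    return exitCode;
}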
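// Adds one cipher suite to the Schannel "SSL" context of the local CNG
// configuration table, at the top of the priority order.
// Build note: link against bcrypt.lib. The call changes machine-wide
// configuration and is expected to need administrative rights.
#include <stdio.h>
#include <windows.h>
#include <bcrypt.h>

// Returns 0 when the suite was added, 1 when the API reported an error.
int main()
{
    // SECURITY NOTE: the suite name below is the sample value shown on the
    // page. It is an export-grade DES suite; placing it at
    // CRYPT_PRIORITY_TOP would make Schannel prefer a weak cipher. Treat it
    // purely as a syntax illustration and substitute a suite that your TLS
    // policy allows, spelled exactly as it appears in the enumerated list.
    LPCWSTR wszCipher = L"RSA_EXPORT1024_DES_CBC_SHA";

    // The API returns an NTSTATUS; the original stored it and never looked
    // at it, so a failed change went unnoticed.
    NTSTATUS Status = BCryptAddContextFunction(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        wszCipher,
        CRYPT_PRIORITY_TOP);

    if (!BCRYPT_SUCCESS(Status))
    {
        printf_s("BCryptAddContextFunction failed: 0x%08x\n", (unsigned int)Status);
        return 1;
    }

    printf_s("Added cipher suite %S\n", wszCipher);
    return 0;
}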
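// Removes one cipher suite from the Schannel "SSL" context of the local CNG
// configuration table.
// Build note: link against bcrypt.lib. The call changes machine-wide
// configuration and is expected to need administrative rights.
#include <stdio.h>
#include <windows.h>
#include <bcrypt.h>

// Returns 0 when the suite was removed, 1 when the API reported an error.
int main()
{
    // RC4-based suites are prohibited for TLS (RFC 7465), so removing this
    // one is a hardening step. Enumerate the list before and after the
    // change to confirm the result.
    LPCWSTR wszCipher = L"TLS_RSA_WITH_RC4_128_SHA";

    // The API returns an NTSTATUS; the original stored it and never looked
    // at it, so a failed removal (for example, a name that is not in the
    // list) went unnoticed.
    NTSTATUS Status = BCryptRemoveContextFunction(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        wszCipher);

    if (!BCRYPT_SUCCESS(Status))
    {
        printf_s("BCryptRemoveContextFunction failed: 0x%08x\n", (unsigned int)Status);
        return 1;
    }

    printf_s("Removed cipher suite %S\n", wszCipher);
    return 0;
}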
*.上有人将获得密码套件列表的代码改成了c#,然后利用powershell 命令可以直接调用这些代码(add-type),也可以将这些代码利用csc.exe编译成.dll或者.exe,建议编译成exe,可以直接在其他的终端cmd控制台调用。
*.链接:https://*.com/questions/19695623/how-to-call-schannel-functions-from-net-c
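using System;
using System.Text;
using System.Runtime.InteropServices;

namespace ConsoleApplication1
{
    /// <summary>
    /// Console tool that prints the cipher suites registered for the Schannel
    /// "SSL" context in the local CNG configuration table, using P/Invoke
    /// into Bcrypt.dll. Written to stay compilable with the csc.exe that
    /// ships with the .NET Framework, so no newer C# syntax is used.
    /// </summary>
    class Program
    {
        // Enumerates the functions (here: cipher suites) of a CNG context.
        // ppBuffer is passed as IntPtr.Zero so the API allocates the result.
        [DllImport("Bcrypt.dll", CharSet = CharSet.Unicode)]
        static extern uint BCryptEnumContextFunctions(uint dwTable, string pszContext, uint dwInterface, ref uint pcbBuffer, ref IntPtr ppBuffer);

        // Releases a buffer that a BCrypt* enumeration call allocated.
        [DllImport("Bcrypt.dll")]
        static extern void BCryptFreeBuffer(IntPtr pvBuffer);

        // Declared for completeness; not called by this program. Both calls
        // change the machine-wide Schannel configuration.
        [DllImport("Bcrypt.dll", CharSet = CharSet.Unicode)]
        static extern uint BCryptAddContextFunction(uint dwTable, string pszContext, uint dwInterface, string pszFunction, uint dwPosition);

        [DllImport("Bcrypt.dll", CharSet = CharSet.Unicode)]
        static extern uint BCryptRemoveContextFunction(uint dwTable, string pszContext, uint dwInterface, string pszFunction);

        // Managed mirror of the native CRYPT_CONTEXT_FUNCTIONS header:
        // an element count followed by a pointer to an array of string pointers.
        [StructLayout(LayoutKind.Sequential)]
        public struct CRYPT_CONTEXT_FUNCTIONS
        {
            public uint cFunctions;
            public IntPtr rgpszFunctions;
        }

        const uint CRYPT_LOCAL = 0x00000001;
        const uint NCRYPT_SCHANNEL_INTERFACE = 0x00010002;
        const uint CRYPT_PRIORITY_TOP = 0x00000000;
        const uint CRYPT_PRIORITY_BOTTOM = 0xFFFFFFFF;

        /// <summary>
        /// Prints the number of registered cipher suites followed by one
        /// suite name per line. A failed enumeration is reported on stderr
        /// instead of being silently ignored.
        /// </summary>
        public static void DoStuff()
        {
            uint cbBuffer = 0;
            IntPtr ppBuffer = IntPtr.Zero;
            uint Status = BCryptEnumContextFunctions(
                CRYPT_LOCAL,
                "SSL",
                NCRYPT_SCHANNEL_INTERFACE,
                ref cbBuffer,
                ref ppBuffer);

            if (Status != 0)
            {
                Console.Error.WriteLine("BCryptEnumContextFunctions failed with status 0x{0:X8}", Status);
                return;
            }

            if (ppBuffer == IntPtr.Zero)
            {
                Console.Error.WriteLine("BCryptEnumContextFunctions returned no buffer");
                return;
            }

            try
            {
                CRYPT_CONTEXT_FUNCTIONS functions = (CRYPT_CONTEXT_FUNCTIONS)Marshal.PtrToStructure(ppBuffer, typeof(CRYPT_CONTEXT_FUNCTIONS));
                Console.WriteLine(functions.cFunctions);

                // Walk the native array of wide-string pointers by byte offset.
                for (int i = 0; i < functions.cFunctions; i++)
                {
                    IntPtr pName = Marshal.ReadIntPtr(functions.rgpszFunctions, i * IntPtr.Size);
                    Console.WriteLine(Marshal.PtrToStringUni(pName));
                }
            }
            finally
            {
                // Free the native buffer even if marshalling or output throws.
                BCryptFreeBuffer(ppBuffer);
            }
        }

        static void Main(string[] args)
        {
            DoStuff();
            // Keeps the console window open until Enter is pressed; when the
            // exe is driven from a script this waits on stdin.
            Console.ReadLine();
        }
    }
}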
openssl 也可以获得密码套件列表(注意:该命令列出的是本机所安装的 OpenSSL 自身支持的密码套件,而不是 Windows Schannel 的配置):
openssl ciphers -v
微软也给出了各操作系统版本中默认启用的密码套件列表以及相应的设置
各操作系统支持密码套件的列表:https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
TLS/SSL设置:https://technet.microsoft.com/zh-cn/library/dn786418%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396#BKMK_SchannelTR_SSL30