Can I enforce a cipher suite with powershell

Solution 1:

You kind of can.

When looking at this page, you can set your own Cipher with the highest priority to use:

PS C:\>Enable-TlsCipherSuite -Name "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" -Position 0

Solution 2:

As far as I know you have no control over what cipher suite is used from PowerShell or dot.net, the underlying Windows APIs will negotiate the 'best' suite with the server.

I am using https://github.com/nabla-c0d3/sslyze/ which also has a binary exe version to test for cipher suites. When calling it from PowerShell, you have to do some parsing of the output. Or use the native Python implementation. Of look at the Python code to see what they are doing.

Why Windows domain controller reset password for domain computers? [closed]

About IOPS of a RAID5 disk array without cache

ubuntu 127.0.0.1 not working, going timeout

Outlook "Empty Deleted Items folders when exiting Outlook" option is greyed-out

Fully remove a default program association for file types in Windows 10?

Windows 10 mounts USB drive after 6 minute delay

What is the difference between USB Mini A and Mini B?

In Windows 10, how can we set an application to be the default for all of its supported file types?

constantly run into ERR_NETWORK_CHANGED error on chrome/mac when switching between vpn and home networks. All the browsers run into this issue

I think my laptop's wifi adapter hardware damaged

Excel Formula using multiple conditions

Howto repair broken USB-C Power Delivery cable?