Skip to content

Test‑TlsProtocol

Jump to bottom
dscbot edited this page Feb 1, 2026 · 2 revisions

SYNOPSIS

Tests if specified TLS/SSL protocols are enabled on the local machine.

SYNTAX

Test-TlsProtocol [-Protocol] <SChannelSslProtocols[]> [-Client] [-Disabled]
 [<CommonParameters>]

DESCRIPTION

Tests one or more SCHANNEL protocol keys under HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols to determine whether the protocol is enabled or disabled for server-side or client-side connections. Returns $true if all specified protocols match the expected state, or $false if any do not.

EXAMPLES

EXAMPLE 1

Test-TlsProtocol -Protocol Tls12

Tests if TLS 1.2 is enabled for server-side connections.

EXAMPLE 2

Test-TlsProtocol -Protocol Tls13 -Client

Tests if TLS 1.3 is enabled for client-side connections.

EXAMPLE 3

Test-TlsProtocol -Protocol Tls12 -Disabled

Tests if TLS 1.2 is disabled for server-side connections.

EXAMPLE 4

Test-TlsProtocol -Protocol Ssl2, Ssl3 -Disabled

Tests if both SSL 2.0 and SSL 3.0 are disabled for server-side connections. Returns $true only if both protocols are disabled.

EXAMPLE 5

Test-TlsProtocol -Protocol Tls12 -Client -Disabled

Tests if TLS 1.2 is disabled for client-side connections.

PARAMETERS

-Client

When specified, checks the protocol Client registry key instead of the default Server key.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Disabled

When specified, tests that the protocol(s) are disabled. By default the command tests that the protocol(s) are enabled.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Protocol

One or more protocol names to check. Accepts values from the [SChannelSslProtocols] enum such as Ssl2, Ssl3, Tls, Tls11, Tls12, Tls13, Dtls1, Dtls12.

Type: SChannelSslProtocols[]
Parameter Sets: (All)
Aliases:
Accepted values: Ssl2, Ssl3, Tls, Tls11, Tls12, Tls13, DTls1, DTls12

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

None.

OUTPUTS

System.Boolean

Returns $true if all specified protocols match the expected state,

$false otherwise.

NOTES

RELATED LINKS

Home

Commands

Resources

Clone this wiki locally