< Back
Enable-TlsCipherSuite
Post
NAME Enable-TlsCipherSuite
SYNOPSIS
Enables a TLS cipher suite.
SYNTAX
Enable-TlsCipherSuite [-Name] <String> [[-Position] <UInt32>] [<CommonParameters>]
DESCRIPTION
The Enable-TlsCipherSuite cmdlet enables a cipher suite. This cmdlet adds the cipher suite to the list of Transport Layer Security (TLS) protocol cipher
suites for the computer. If you do not specify a position in the list, this cmdlet adds it at the lowest position.
If a cipher suite is not enabled for TLS based secure channel (Schannel) registry settings, then the cipher suite is not used.
This cmdlet is based on Cryptography Next Generation (CNG) Cryptographic Configuration. Schannel registry settings and settings specified by means of
Security Support Provider Interface (SSPI) by each app can override CNG Cryptographic Configuration. Other settings under
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL can also configure cipher suites. These settings can impact whether a
cipher suite can be used. For example, disabling of SHA hashes supported by TLS disables the corresponding cipher suites. Additionally, applications can
limit the algorithms using SSPI. For more information about TLS settings, see How to restrict the use of certain cryptographic algorithms and protocols
in Schannel.dll.
PARAMETERS
-Name <String>
Specifies the name of the TLS cipher suite to enable.
Required? true
Position? 1
Default value none
Accept pipeline input? true(ByValue,ByPropertyName)
Accept wildcard characters? false
-Position [<UInt32>]
Specifies the position at which to insert the cipher suite in the ordered list of TLS cipher suites. The cmdlet inserts the cipher suite at the
position that this parameter specifies, ahead of any existing cipher suites.
Specify a value of 0 or CRYPT_PRIORITY_TOP to insert the function at the top of the list. Specify a value of 4294967295 or 0xFFFFFFFF or
CRYPT_PRIORITY_BOTTOM to insert the function at the end of the list.
Required? false
Position? 2
Default value none
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Example 1: Enable a cipher suite
PS C:\\>Enable-TlsCipherSuite -Name "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
This command enables cipher suite named TLS_DHE_DSS_WITH_AES_256_CBC_SHA. This command adds the cipher suite the TLS cipher suite list as the lowest
priority.
Example 2: Enable a cipher suite as the lowest priority
PS C:\\>Enable-TlsCipherSuite -Name "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" -Position 4294967295
This command enables cipher suite named TLS_DHE_DSS_WITH_AES_256_CBC_SHA. This command adds the cipher suite the TLS cipher suite list as the lowest
priority. Unlike the first example, this command explicitly specifies position number 4294967295, which is the value of CRYPT_PRIORITY_BOTTOM.
Example 3: Enable a cipher suite as the highest priority
PS C:\\>Enable-TlsCipherSuite -Name "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" -Position 0
This command enables cipher suite named TLS_DHE_DSS_WITH_AES_256_CBC_SHA. This command adds the cipher suite the TLS cipher suite list at position 0,
which is the highest priority.
RELATED LINKS
Disable-TlsCipherSuite
Get-TlsCipherSuite
CommonParameters : True
WorkflowCommonParameters : False
details : @{name=Enable-TlsEccCurve; noun=TlsEccCurve; verb=Enable}
Syntax : @{syntaxItem=System.Object[]}
parameters : @{parameter=System.Object[]}
inputTypes : @{inputType=}
returnValues : @{returnValue=}
aliases : None
remarks : Get-Help cannot find the Help files for this cmdlet on this computer. It is displaying only partial help.
-- To download and install Help files for the module that includes this cmdlet, use Update-Help.
PSSnapIn :
alertSet :
description :
examples :
Synopsis :
Enable-TlsEccCurve [-Name] <string> [[-Position] <uint32>] [-WhatIf] [-Confirm] [<CommonParameters>]
ModuleName : TLS
nonTerminatingErrors :
xmlns:command : http://schemas.microsoft.com/maml/dev/command/2004/10
xmlns:dev : http://schemas.microsoft.com/maml/dev/2004/10
xmlns:maml : http://schemas.microsoft.com/maml/2004/10
Name : Enable-TlsEccCurve
Category : Cmdlet
Component :
Role :
Functionality :
SYNOPSIS
Enables a TLS cipher suite.
SYNTAX
Enable-TlsCipherSuite [-Name] <String> [[-Position] <UInt32>] [<CommonParameters>]
DESCRIPTION
The Enable-TlsCipherSuite cmdlet enables a cipher suite. This cmdlet adds the cipher suite to the list of Transport Layer Security (TLS) protocol cipher
suites for the computer. If you do not specify a position in the list, this cmdlet adds it at the lowest position.
If a cipher suite is not enabled for TLS based secure channel (Schannel) registry settings, then the cipher suite is not used.
This cmdlet is based on Cryptography Next Generation (CNG) Cryptographic Configuration. Schannel registry settings and settings specified by means of
Security Support Provider Interface (SSPI) by each app can override CNG Cryptographic Configuration. Other settings under
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL can also configure cipher suites. These settings can impact whether a
cipher suite can be used. For example, disabling of SHA hashes supported by TLS disables the corresponding cipher suites. Additionally, applications can
limit the algorithms using SSPI. For more information about TLS settings, see How to restrict the use of certain cryptographic algorithms and protocols
in Schannel.dll.
PARAMETERS
-Name <String>
Specifies the name of the TLS cipher suite to enable.
Required? true
Position? 1
Default value none
Accept pipeline input? true(ByValue,ByPropertyName)
Accept wildcard characters? false
-Position [<UInt32>]
Specifies the position at which to insert the cipher suite in the ordered list of TLS cipher suites. The cmdlet inserts the cipher suite at the
position that this parameter specifies, ahead of any existing cipher suites.
Specify a value of 0 or CRYPT_PRIORITY_TOP to insert the function at the top of the list. Specify a value of 4294967295 or 0xFFFFFFFF or
CRYPT_PRIORITY_BOTTOM to insert the function at the end of the list.
Required? false
Position? 2
Default value none
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
Example 1: Enable a cipher suite
PS C:\\>Enable-TlsCipherSuite -Name "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
This command enables cipher suite named TLS_DHE_DSS_WITH_AES_256_CBC_SHA. This command adds the cipher suite the TLS cipher suite list as the lowest
priority.
Example 2: Enable a cipher suite as the lowest priority
PS C:\\>Enable-TlsCipherSuite -Name "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" -Position 4294967295
This command enables cipher suite named TLS_DHE_DSS_WITH_AES_256_CBC_SHA. This command adds the cipher suite the TLS cipher suite list as the lowest
priority. Unlike the first example, this command explicitly specifies position number 4294967295, which is the value of CRYPT_PRIORITY_BOTTOM.
Example 3: Enable a cipher suite as the highest priority
PS C:\\>Enable-TlsCipherSuite -Name "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" -Position 0
This command enables cipher suite named TLS_DHE_DSS_WITH_AES_256_CBC_SHA. This command adds the cipher suite the TLS cipher suite list at position 0,
which is the highest priority.
RELATED LINKS
Disable-TlsCipherSuite
Get-TlsCipherSuite
CommonParameters : True
WorkflowCommonParameters : False
details : @{name=Enable-TlsEccCurve; noun=TlsEccCurve; verb=Enable}
Syntax : @{syntaxItem=System.Object[]}
parameters : @{parameter=System.Object[]}
inputTypes : @{inputType=}
returnValues : @{returnValue=}
aliases : None
remarks : Get-Help cannot find the Help files for this cmdlet on this computer. It is displaying only partial help.
-- To download and install Help files for the module that includes this cmdlet, use Update-Help.
PSSnapIn :
alertSet :
description :
examples :
Synopsis :
Enable-TlsEccCurve [-Name] <string> [[-Position] <uint32>] [-WhatIf] [-Confirm] [<CommonParameters>]
ModuleName : TLS
nonTerminatingErrors :
xmlns:command : http://schemas.microsoft.com/maml/dev/command/2004/10
xmlns:dev : http://schemas.microsoft.com/maml/dev/2004/10
xmlns:maml : http://schemas.microsoft.com/maml/2004/10
Name : Enable-TlsEccCurve
Category : Cmdlet
Component :
Role :
Functionality :