最近开发遇见一个《 his could be due to the fact that the server certificate is not configured property with HTTP.SYS in the HTTPS case》问题。
由于服务半年没有部署修改过,突然提示错误,查阅相关文档了解到,服务器关闭了TLS10安全协议。一下是检查服务器TLS支持协议版本号的Powershell脚本
脚本来源:
function Test-ServerSSLSupport { [CmdletBinding()] param( [Parameter(Mandatory = $true, ValueFromPipeline = $true)] [ValidateNotNullOrEmpty()] [string]$HostName, [UInt16]$Port = 443 ) process { $RetValue = New-Object psobject -Property @{ Host = $HostName Port = $Port SSLv2 = $false SSLv3 = $false TLSv1_0 = $false TLSv1_1 = $false TLSv1_2 = $false KeyExhange = $null HashAlgorithm = $null } "ssl2", "ssl3", "tls", "tls11", "tls12" | %{ $TcpClient = New-Object Net.Sockets.TcpClient $TcpClient.Connect($RetValue.Host, $RetValue.Port) $SslStream = New-Object Net.Security.SslStream $TcpClient.GetStream(), $true, ([System.Net.Security.RemoteCertificateValidationCallback]{ $true }) $SslStream.ReadTimeout = 15000 $SslStream.WriteTimeout = 15000 try { $SslStream.AuthenticateAsClient($RetValue.Host,$null,$_,$false) $RetValue.KeyExhange = $SslStream.KeyExchangeAlgorithm $RetValue.HashAlgorithm = $SslStream.HashAlgorithm $status = $true } catch { $status = $false } switch ($_) { "ssl2" {$RetValue.SSLv2 = $status} "ssl3" {$RetValue.SSLv3 = $status} "tls" {$RetValue.TLSv1_0 = $status} "tls11" {$RetValue.TLSv1_1 = $status} "tls12" {$RetValue.TLSv1_2 = $status} } # dispose objects to prevent memory leaks $TcpClient.Dispose() $SslStream.Dispose() } $RetValue } }
调用示例:
"www.baidu.com" Test-ServerSSLSupport
由于默认是访问的443端口,如果443没有启动可以在代码中修改$Port