Reset-TlsProtocol - dsccommunity/SChannelDsc GitHub Wiki

SYNOPSIS

Resets specified TLS/SSL protocols by removing SCHANNEL registry keys.

SYNTAX

Reset-TlsProtocol [[-Protocol] <SChannelSslProtocols[]>] [-Client] [-Force]
 [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

Removes the SCHANNEL protocol registry keys under HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols. By default the cmdlet operates on each protocol's server-side Server key; use the -Client switch to operate on the Client key instead. Removing the keys resets the protocol configuration to the Windows default behavior.

If no protocol is specified, all supported protocols are reset.

EXAMPLES

EXAMPLE 1

Reset-TlsProtocol

Resets all supported TLS/SSL protocols for server-side connections by removing the corresponding registry keys, restoring Windows default behavior.

EXAMPLE 2

Reset-TlsProtocol -Protocol Tls12

Resets TLS 1.2 for server-side connections by removing the corresponding registry key, restoring Windows default behavior.

EXAMPLE 3

Reset-TlsProtocol -Protocol Tls12 -Client

Resets TLS 1.2 for client-side connections.

EXAMPLE 4

Reset-TlsProtocol -Protocol Ssl2, Ssl3

Resets SSL 2.0 and SSL 3.0 for server-side connections.

EXAMPLE 5

Reset-TlsProtocol -Client -Force

Resets all supported TLS/SSL protocols for client-side connections without prompting for confirmation.

EXAMPLE 6

Reset-TlsProtocol -Protocol Tls -Force

Resets TLS 1.0 for server-side connections without prompting for confirmation.
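
A pre-reset audit, as an added example that is not part of the SChannelDsc documentation or code: because a reset removes explicit protocol settings, including any that disable a legacy protocol, it records and backs up the existing Server/Client keys, previews the change with -WhatIf, and then reports which keys were removed. The helper name Get-SchannelProtocolOverride and the backup file name are hypothetical; Enabled and DisabledByDefault are the standard SCHANNEL value names.

```powershell
# Added example: audit and back up explicit SCHANNEL protocol overrides before a reset.
# Run in an elevated session with the SChannelDsc module imported.
$protocolsPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolOverride {
    # Hypothetical helper (not part of SChannelDsc): lists every Server/Client key
    # that currently exists, i.e. every explicit override a reset would remove.
    param([string]$Path = $protocolsPath)

    if (-not (Test-Path -Path $Path)) { return }
    foreach ($protocolKey in Get-ChildItem -Path $Path) {
        foreach ($roleKey in Get-ChildItem -Path $protocolKey.PSPath) {
            $values = Get-ItemProperty -Path $roleKey.PSPath
            [pscustomobject]@{
                Protocol          = $protocolKey.PSChildName   # key name as stored in the registry
                Role              = $roleKey.PSChildName       # Server or Client
                Enabled           = $values.Enabled            # empty if the value is not set
                DisabledByDefault = $values.DisabledByDefault
            }
        }
    }
}

# 1. Record the current overrides. No rows means nothing is set explicitly.
$before = @(Get-SchannelProtocolOverride)
$before | Format-Table -AutoSize

# 2. Keep a restorable copy of the whole Protocols key (reg.exe ships with Windows).
$backup = Join-Path $env:TEMP ('schannel-protocols-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols' $backup /y

# 3. Preview the server-side TLS 1.2 reset from EXAMPLE 2 without changing anything.
Reset-TlsProtocol -Protocol Tls12 -WhatIf

# 4. Apply it, then list the overrides that no longer exist.
Reset-TlsProtocol -Protocol Tls12 -Force
$after = @(Get-SchannelProtocolOverride)
$before | Where-Object {
    $b = $_
    -not ($after | Where-Object { $_.Protocol -eq $b.Protocol -and $_.Role -eq $b.Role })
} | Format-Table -AutoSize
```

Any row from step 1 with Enabled set to 0 is an explicit disablement; once its key is removed, whether that protocol is offered again depends on the default of the Windows version in use.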

PARAMETERS

-Client

When specified, operates on each protocol's Client registry key instead of the default Server key.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Force

Suppresses confirmation prompts.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Protocol

One or more protocol names to reset. Accepts values from the [SChannelSslProtocols] enum such as Ssl2, Ssl3, Tls, Tls11, Tls12, Tls13, Dtls1, Dtls12. If not specified, all supported protocols are reset.

Type: SChannelSslProtocols[]
Parameter Sets: (All)
Aliases:
Accepted values: Ssl2, Ssl3, Tls, Tls11, Tls12, Tls13, DTls1, DTls12

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

None.

OUTPUTS

None.

NOTES

RELATED LINKS