Get-TlsCipherSuite

Gets the TLS cipher suites for a computer.

Syntax

Get-TlsCipherSuite
   [[-Name] <String>]
   [<CommonParameters>]

Description

The Get-TlsCipherSuite cmdlet gets an ordered collection of cipher suites for a computer that Transport Layer Security (TLS) can use.

For more information about the TLS cipher suites, see the documentation for the Enable-TlsCipherSuite cmdlet or type Get-Help Enable-TlsCipherSuite.

For more information about protocol versions , see BCRYPT_KDF_TLS_PRF (L"TLS_PRF").

Examples

Example 1: Get all cipher suites

Get-TlsCipherSuite

KeyType               : 0
Certificate           : RSA
MaximumExchangeLength : 65536
MinimumExchangeLength : 0
Exchange              : ECDH
HashLength            : 0
Hash                  :
CipherBlockLength     : 16
CipherLength          : 256
BaseCipherSuite       : 49200
CipherSuite           : 49200
Cipher                : AES
Name                  : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Protocols             : {771}

KeyType               : 0
Certificate           : RSA
MaximumExchangeLength : 65536
MinimumExchangeLength : 0
Exchange              : ECDH
HashLength            : 0
Hash                  :
CipherBlockLength     : 16
CipherLength          : 128
BaseCipherSuite       : 49199
CipherSuite           : 49199
Cipher                : AES
Name                  : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Protocols             : {771}

This command gets all TLS cipher suites for the computer.

Example 2: Get the cipher suites that match a string

Get-TlsCipherSuite -Name AES

KeyType               : 0
Certificate           : ECDSA
MaximumExchangeLength : 65536
MinimumExchangeLength : 0
Exchange              : ECDH
HashLength            : 0
Hash                  :
CipherBlockLength     : 16
CipherLength          : 256
BaseCipherSuite       : 49196
CipherSuite           : 49196
Cipher                : AES
Name                  : TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Protocols             : {771, 65277}

KeyType               : 0
Certificate           : ECDSA
MaximumExchangeLength : 65536
MinimumExchangeLength : 0
Exchange              : ECDH
HashLength            : 0
Hash                  :
CipherBlockLength     : 16
CipherLength          : 128
BaseCipherSuite       : 49195
CipherSuite           : 49195
Cipher                : AES
Name                  : TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Protocols             : {771, 65277}

This command gets all the cipher suites that have names that contain the string AES. Note that the name match is case sensitive and this command returns no output for the name aes. The output includes a field for the TLS/SSL protocols supported by the cipher. See Cipher Suites in TLS/SSL (Schannel SSP) for more information.

Parameters

-Name

Specifies the name of the TLS cipher suite to get. The cmdlet gets cipher suites that match the string that this cmdlet specifies, so you can specify a partial name. The name match is case sensitive.

Type:String
Position:1
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False