The following is stored in PowerShell:
#Maintainer Note: The leftmost parameter must match the registry key name exactly e.g. 'DES 56'
#For more information please check https://support.microsoft.com/en-us/kb/245030
$bannedCiphersJSON = @"
{
    "RC4 128/128":{
        "IsPermitted":false,
        "AffectedCiphers":[
            "SSL_RSA_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_RC4_128_MD5",
            "TLS_RSA_WITH_RC4_128_SHA"
        ]
    },
    "Triple DES 168":{
        "IsPermitted":false,
        "AffectedCiphers":[
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
        ]
    },
    "RC4 56/128":{
        "IsPermitted":false,
        "AffectedCiphers":[
            "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"
        ]
    },
    "DES 56":{
        "IsPermitted":false,
        "AffectedCiphers":[
            "SSL_RSA_WITH_DES_CBC_SHA"
        ]
    },
    "RC4 40/128":{
        "IsPermitted":false,
        "AffectedCiphers":[
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "TLS_RSA_EXPORT_WITH_RC4_40_MD5"
        ]
    },
    "RC2 40/128":{
        "IsPermitted":false,
        "AffectedCiphers":[
            "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
            "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"
        ]
    },
    "MD5":{
        "IsPermitted":false,
        "AffectedCiphers":[
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
            "SSL_RSA_WITH_RC4_128_MD5",
            "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
            "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
            "TLS_RSA_WITH_RC4_128_MD5",
            "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"
        ]
    },
    "SHA":{
        "IsPermitted":false,
        "AffectedCiphers":[
            "SSL_RSA_WITH_RC4_128_SHA",
            "SSL_RSA_WITH_DES_CBC_SHA",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
            "SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA",
            "SSL_RSA_EXPORT1024_WITH_RC4_56_SHA",
            "TLS_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_DES_CBC_SHA",
            "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
            "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
            "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"
        ]
    }
}
"@
$bannedCiphers = $bannedCiphersJSON | ConvertFrom-Json
function Get-TLSProtocol{
    For ($i=0; $i -lt $bannedCiphers.Count; $i++)
    {
        write-output $i
    }
}
Get-TLSProtocol
When I run a Get-Member against the object, each object seems to be a "note property". Because of this I think the array definition isn't correct. (My goal is to get a list of objects that I can use to inspect the registry.)
PS C:\users\golden> $bannedCiphers | get-member

   TypeName: System.Management.Automation.PSCustomObject

Name           MemberType   Definition
----           ----------   ----------
Equals         Method       bool Equals(System.Object obj)
GetHashCode    Method       int GetHashCode()
GetType        Method       type GetType()
ToString       Method       string ToString()
DES 56         NoteProperty System.Management.Automation.PSCustomObject DES 56=@{IsPermitted=False; AffectedCiphers=...
MD5            NoteProperty System.Management.Automation.PSCustomObject MD5=@{IsPermitted=False; AffectedCiphers=Sys...
RC2 40/128     NoteProperty System.Management.Automation.PSCustomObject RC2 40/128=@{IsPermitted=False; AffectedCiph...
RC4 128/128    NoteProperty System.Management.Automation.PSCustomObject RC4 128/128=@{IsPermitted=False; AffectedCip...
RC4 40/128     NoteProperty System.Management.Automation.PSCustomObject RC4 40/128=@{IsPermitted=False; AffectedCiph...
RC4 56/128     NoteProperty System.Management.Automation.PSCustomObject RC4 56/128=@{IsPermitted=False; AffectedCiph...
SHA            NoteProperty System.Management.Automation.PSCustomObject SHA=@{IsPermitted=False; AffectedCiphers=Sys...
Triple DES 168 NoteProperty System.Management.Automation.PSCustomObject Triple DES 168=@{IsPermitted=False; Affected...
What is the correct way to define an object within PowerShell so that I can iterate over the topmost layer?
you have a PSCustomObject, not an array. that object has some arrays buried in the properties, tho. [grin] here's one way to get the list & the count ...
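# $Test holds the PSCustomObject that ConvertFrom-Json builds from the question's JSON
$Test = $bannedCiphersJSON | ConvertFrom-Json
# walk the top-level property names and collect every AffectedCiphers array
$AffectedCiphers = foreach ($PropName in $Test.PSObject.Properties.Name)
    {
    $Test.$PropName.AffectedCiphers
    }
'There are {0} ciphers in the Banned Ciphers list.' -f $AffectedCiphers.Count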
output:
There are 30 ciphers in the Banned Ciphers list.
what the above does:
.PSObject property of all powershell objects
.AffectedCiphers property values (an array of values, in this case)
$AffectedCiphers
$AffectedCiphers
hope that helps,
lee
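
One way to get from the top-level properties to the list of objects the question wants for inspecting the registry, as an added example that is not code from the question or the answer. It assumes Windows and the SCHANNEL key layout described in KB 245030 (hash entries under Hashes, everything else under Ciphers); the two-entry JSON is a constructed sample and the function names are hypothetical.

```powershell
# Constructed sample: two entries in the same shape as the question's JSON.
$json = @"
{
    "RC4 128/128": { "IsPermitted": false, "AffectedCiphers": ["TLS_RSA_WITH_RC4_128_SHA"] },
    "MD5":         { "IsPermitted": false, "AffectedCiphers": ["TLS_RSA_WITH_RC4_128_MD5"] }
}
"@

$schannel  = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$hashNames = 'MD5', 'SHA'   # assumption from KB 245030: these live under Hashes

function Get-BannedCipherPolicy {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Json)
    $policy = $Json | ConvertFrom-Json
    # ConvertFrom-Json returns ONE PSCustomObject; the top-level JSON keys are
    # NoteProperties, so enumerate them through the hidden PSObject member.
    foreach ($prop in $policy.PSObject.Properties) {
        $subTree = if ($hashNames -contains $prop.Name) { 'Hashes' } else { 'Ciphers' }
        [pscustomobject]@{
            Name            = $prop.Name
            IsPermitted     = [bool]$prop.Value.IsPermitted
            AffectedCiphers = @($prop.Value.AffectedCiphers)
            RegistryPath    = "$schannel\$subTree\$($prop.Name)"
        }
    }
}

function Test-BannedCipherState {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)]$Entry)
    process {
        # Read through the .NET API: the PowerShell registry provider treats
        # the '/' in a name such as 'RC4 128/128' as a path separator.
        $key     = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($Entry.RegistryPath)
        $enabled = if ($key) { $key.GetValue('Enabled'); $key.Dispose() }
        # No key or no Enabled value means the OS default applies, which is
        # not the same as an explicit disable.
        $state = if ($null -eq $enabled) { 'NotConfigured' } elseif ($enabled -eq 0) { 'Disabled' } else { 'Enabled' }
        [pscustomobject]@{
            Name      = $Entry.Name
            State     = $state
            Compliant = ($Entry.IsPermitted -or ($state -eq 'Disabled'))
        }
    }
}

Get-BannedCipherPolicy -Json $json | Test-BannedCipherState | Format-Table -AutoSize
```

An entry reported as NotConfigured is flagged non-compliant because a banned algorithm is only known to be off when `Enabled` is explicitly 0.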