This query is designed to find Windows systems (Win7, Win Server 2012 R2 and above) that have overridden the disabling of insecure TLS versions. The output looks like:
select
case
when data = '0' then 'TRUE'
else 'FALSE'
end 'insecure_protocol_enabled',
split(key,'\\',7) as 'protocol',
split(key,'\\',8) as 'type'
from registry
where key like 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\%\%'
and name = 'DisabledByDefault'
and split(split(key,'\\',7),' ',1) < '1.2';
1 Comment
