How can I check whether TLS 1.2 is enabled in the browser (not in registry) using a PowerShell script?
To check the schannel keys in your question, this works
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client\'
if (Test-Path $key) {
$TLS12 = Get-ItemProperty $key
if ($TLS12.DisabledByDefault -ne 0 -or $TLS12.Enabled -eq 0) {
Throw "TLS 1.2 Not Enabled"
}
}
Note that most browsers also check the SecureProtocols value in Internet Settings, which can be set per-user or for the whole machine:
# User settings
Get-ItemProperty 'hkcu:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -Name SecureProtocols
# Machine settings
Get-ItemProperty 'hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings' -Name SecureProtocols
The Value is a little strange since it is a combination of the hex-values for each supported protocol. For example, TLS1.2 is 0x800 or 2048. Check out the Microsoft TLS 1.2 page for more details on all this information.
It is showing 280 tls 1.2 off,tls 1.2 a80 On in my laptop registry.