检查windows系统支持的密码套件【window server 2012】

本文介绍了如何在Windows系统(如Server2016之前版本)中通过BCryptEnumContextFunctions检查并管理支持的密码套件,包括禁用DES加密算法和调整TLS套件的优先级操作。

三级等保过程中,漏扫发现了 SSL/TLS 相关的漏洞。
其中 Windows 系统需要禁用 DES 等加密算法。参考网上搜到的解决办法,第一步是检查 Windows 系统支持的密码套件。

Windows Server 2016 之前的版本,微软并没有提供相应的 PowerShell 命令来获取密码套件列表,但在 MSDN 上给出了 C++ 代码。

同时微软官网也给出了用于检查 Windows 系统支持的密码套件的 BCryptEnumContextFunctions 函数,并附有示例代码。
结合这两个参考,编译生成如下程序。

#include <windows.h>
#include <stdio.h>
#include <Bcrypt.h>
#pragma comment(lib, "Bcrypt.lib")

#ifndef NT_SUCCESS
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#endif

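// Print the cipher-suite ("function") list that Schannel is configured with
// in the machine-wide "SSL" CNG context.
//
// The original sample walked every context returned by BCryptEnumContexts but
// then always queried the hard-coded L"SSL" context, so the same SSL list was
// printed once per context under a wrong heading. Only the SSL /
// NCRYPT_SCHANNEL_INTERFACE list matters for TLS hardening, so that single
// query is what is done here.
//
// Returns the NTSTATUS of BCryptEnumContextFunctions; callers test it with
// NT_SUCCESS. On failure only the status code is printed.
NTSTATUS EnumContextFunctions()
{
	ULONG cbBuffer = 0;
	PCRYPT_CONTEXT_FUNCTIONS pFunctions = NULL;

	// CRYPT_LOCAL: the machine-wide configuration (what a scanner observes).
	// CNG allocates the buffer; it must be released with BCryptFreeBuffer.
	NTSTATUS status = BCryptEnumContextFunctions(
		CRYPT_LOCAL,
		L"SSL",
		NCRYPT_SCHANNEL_INTERFACE,
		&cbBuffer,
		&pFunctions);
	if (!NT_SUCCESS(status))
	{
		wprintf(L"BCryptEnumContextFunctions failed: 0x%08lX\n", (ULONG)status);
		return status;
	}

	wprintf(L"Context functions for SSL (%lu entries):\n", pFunctions->cFunctions);
	// NOTE(review): presumably listed in configured priority order -- confirm
	// against the CNG documentation before relying on position for ranking.
	for (ULONG i = 0; i < pFunctions->cFunctions; i++)
	{
		wprintf(L"\t%s\n", pFunctions->rgpszFunctions[i]);
	}

	BCryptFreeBuffer(pFunctions);
	return status;
}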

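// Remove one cipher suite from the machine-wide (CRYPT_LOCAL) Schannel list.
//
// wszCipher: suite name exactly as printed by EnumContextFunctions, e.g. a
//            DES-based suite flagged by the scanner. NULL is rejected.
//
// The result is reported on stdout; on failure the NTSTATUS is printed as
// well, so an unknown suite name can be told apart from a permission problem.
// NOTE(review): this edits machine-wide Schannel configuration and therefore
// affects every TLS client and server on the host; it is expected to need an
// elevated process -- confirm on the target system.
void RemoveCrypt(LPCWSTR wszCipher)
{
	if (wszCipher == NULL)
	{
		wprintf(L"result of RemoveCrypt (null) is fail\n");
		return;
	}

	NTSTATUS status = BCryptRemoveContextFunction(
		CRYPT_LOCAL,
		L"SSL",
		NCRYPT_SCHANNEL_INTERFACE,
		wszCipher);
	if (NT_SUCCESS(status))
	{
		wprintf(L"result of RemoveCrypt %s is success\n", wszCipher);
	}
	else
	{
		wprintf(L"result of RemoveCrypt %s is fail (status 0x%08lX)\n",
			wszCipher, (ULONG)status);
	}
}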
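// Shared worker for AddCryptTOP / AddCryptBOTTOM: insert one cipher suite into
// the machine-wide (CRYPT_LOCAL) Schannel list at the given priority.
//
// wszCipher:  suite name as printed by EnumContextFunctions; NULL is rejected.
// dwPosition: CRYPT_PRIORITY_TOP or CRYPT_PRIORITY_BOTTOM.
//
// Result goes to stdout; on failure the NTSTATUS is included so a bad suite
// name can be distinguished from a permission problem.
// NOTE(review): changes machine-wide Schannel configuration (all TLS clients
// and servers on the host) and is expected to require an elevated process --
// confirm on the target system.
static void AddCryptAt(LPCWSTR wszCipher, ULONG dwPosition)
{
	if (wszCipher == NULL)
	{
		wprintf(L"result of AddCrypt (null) is fail\n");
		return;
	}

	NTSTATUS status = BCryptAddContextFunction(
		CRYPT_LOCAL,
		L"SSL",
		NCRYPT_SCHANNEL_INTERFACE,
		wszCipher,
		dwPosition);
	if (NT_SUCCESS(status))
	{
		wprintf(L"result of AddCrypt %s is success\n", wszCipher);
	}
	else
	{
		wprintf(L"result of AddCrypt %s is fail (status 0x%08lX)\n",
			wszCipher, (ULONG)status);
	}
}

// Add a cipher suite with the highest priority in the Schannel list.
void AddCryptTOP(LPCWSTR wszCipher)
{
	AddCryptAt(wszCipher, CRYPT_PRIORITY_TOP);
}

// Add a cipher suite with the lowest priority in the Schannel list.
void AddCryptBOTTOM(LPCWSTR wszCipher)
{
	AddCryptAt(wszCipher, CRYPT_PRIORITY_BOTTOM);
}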
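// Convert an ANSI (CP_ACP) C string, typically an argv element, into a newly
// allocated wide string.
//
// Ownership: the returned buffer is allocated with new[] and is the caller's
// to release with delete[]. Returns NULL when szString is NULL or when
// MultiByteToWideChar rejects the input, rather than handing back an
// uninitialised buffer.
//
// The original allocated strlen+1 WCHARs but told MultiByteToWideChar that
// the buffer held nwLen elements, so the allocated size and the writable size
// could disagree; the sizing call's result now drives the allocation.
LPWSTR ConvertCharToLPWSTR(const char* szString)
{
	if (szString == NULL)
	{
		return NULL;
	}

	// cbMultiByte == -1: input is NUL-terminated, and the returned count
	// includes the terminator.
	int nwLen = MultiByteToWideChar(CP_ACP, 0, szString, -1, NULL, 0);
	if (nwLen <= 0)
	{
		return NULL;
	}

	LPWSTR lpszWide = new WCHAR[nwLen];
	if (MultiByteToWideChar(CP_ACP, 0, szString, -1, lpszWide, nwLen) != nwLen)
	{
		delete[] lpszWide;
		return NULL;
	}
	return lpszWide;
}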

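// Print the command syntax to stderr (stdout is reserved for the wide-char
// result lines written by the worker functions).
static void PrintUsage(const char* prog)
{
	fprintf(stderr,
		"usage:\n"
		"  %s getLists                 list configured Schannel cipher suites\n"
		"  %s remove    <suite-name>   remove a cipher suite\n"
		"  %s addTop    <suite-name>   add a cipher suite with top priority\n"
		"  %s addBottom <suite-name>   add a cipher suite with bottom priority\n",
		prog, prog, prog, prog);
}

// Command-line entry point.
//
// Returns 0 on a recognised command (1 if listing failed), 2 on a usage error.
// The original dereferenced argv[1]/argv[2] without checking argc and silently
// did nothing for an unknown command; both now print usage and fail.
int main(int argc, char** argv)
{
	const char* prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "Get-TlsCipherSuite.exe";
	if (argc < 2)
	{
		PrintUsage(prog);
		return 2;
	}
	const char* cmd = argv[1];

	if (strcmp(cmd, "getLists") == 0)
	{
		NTSTATUS status = EnumContextFunctions();
		return NT_SUCCESS(status) ? 0 : 1;
	}

	// Every remaining command takes a suite name as its second argument.
	if (argc < 3)
	{
		PrintUsage(prog);
		return 2;
	}
	LPWSTR wszCipher = ConvertCharToLPWSTR(argv[2]);
	if (wszCipher == NULL)
	{
		fprintf(stderr, "cannot convert suite name '%s'\n", argv[2]);
		return 2;
	}

	int rc = 0;
	if (strcmp(cmd, "remove") == 0)
	{
		RemoveCrypt(wszCipher);
	}
	else if (strcmp(cmd, "addTop") == 0)
	{
		AddCryptTOP(wszCipher);
	}
	else if (strcmp(cmd, "addBottom") == 0)
	{
		AddCryptBOTTOM(wszCipher);
	}
	else
	{
		PrintUsage(prog);
		rc = 2;
	}

	// ConvertCharToLPWSTR allocates with new[]; this is the only owner.
	delete[] wszCipher;
	return rc;
}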

在 cmd 或 PowerShell 中执行以下命令,检查 Windows 系统支持的密码套件:
Get-TlsCipherSuite.exe getLists
删除密码套件 Get-TlsCipherSuite.exe remove 【套件名称】
添加某个密码套件到优先底部 Get-TlsCipherSuite.exe addBottom 【套件名称】
添加某个密码套件到优先顶部 Get-TlsCipherSuite.exe addTop 【套件名称】
window2012版本的TlsCipherSuite执行代码下载
