From 77929366ff76ff3544bb3d3f4edfd09f82203efe Mon Sep 17 00:00:00 2001
From: jampete <65547945+jampete@users.noreply.github.com>
Date: Fri, 7 Feb 2025 12:44:26 -0600
Subject: [PATCH] Update Collectors.cs

Fixes the issue when there is a client or server key created for the TLS setting but no enabled or DisabledByDefault sub keys or values defined.
---
 SQLCheck/SQLCheck/Collectors.cs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/SQLCheck/SQLCheck/Collectors.cs b/SQLCheck/SQLCheck/Collectors.cs
index 1bc64cb..35d254b 100644
--- a/SQLCheck/SQLCheck/Collectors.cs
+++ b/SQLCheck/SQLCheck/Collectors.cs
@@ -860,11 +860,17 @@ public static void CollectTLS(DataSet ds)
 TLS["TLSVersion"] = tlsVersion;
 defVal = tlsInfo.GetComputerDefault(tlsVersion, cs);
 TLS["Defaultvalue"] = defVal;
- temp = Registry.GetValue($@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\{tlsVersion}\{cs}", "Enabled", "");
+ if (Registry.GetValue($@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\{tlsVersion}\{cs}", "Enabled", null) == null)
+ temp = null;
+ else
+ temp = Registry.GetValue($@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\{tlsVersion}\{cs}", "Enabled", "");
 if (tlsVersion == "TLS 1.3" && temp != null) isTLS13KeyPresent = true;
 enVal = temp == null ? "" : ((temp.ToInt() != 0) ? $"True " : "False") + $" (0x{temp.ToInt().ToString("X8")})" + CheckTLS(tlsVersion, "Enabled", temp.ToInt());
 TLS["EnabledValue"] = enVal;
- temp = Registry.GetValue($@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\{tlsVersion}\{cs}", "DisabledByDefault", "");
+ if (Registry.GetValue($@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\{tlsVersion}\{cs}", "DisabledByDefault", null) == null)
+ temp = null;
+ else
+ temp = Registry.GetValue($@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\{tlsVersion}\{cs}", "DisabledByDefault", "");
 if (tlsVersion == "TLS 1.3" && temp != null) isTLS13KeyPresent = true;
 disVal = temp == null ? "" : ((temp.ToInt() != 0) ? $"True " : "False") + $" (0x{temp.ToInt().ToString("X8")})" + CheckTLS(tlsVersion, "DisabledByDefault", temp.ToInt());
 TLS["DisabledByDefaultValue"] = disVal;
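Review bot: The added `if`/`else` pairs read each registry value twice, and the second `Registry.GetValue(..., "")` in each `else` branch only repeats the read that was just tested for null. A single `temp = Registry.GetValue(protocolKey, "Enabled", null);` (and the same for `"DisabledByDefault"`) yields the same result with one read, and it removes the window in which the value could be deleted between the two reads so that `temp` becomes `""` again. Hoisting the path into a local such as `string protocolKey = $@"HKEY_LOCAL_MACHINE\…\SCHANNEL\Protocols\{tlsVersion}\{cs}";` would also replace the four repeated literals. Separately, `isTLS13KeyPresent` is now set only when one of the two values exists, whereas the old `""` default apparently set it whenever the Client/Server key itself existed; if later code depends on key presence for the TLS 1.3 assessment, that behaviour change should be confirmed. `CollectTLS` starts and ends outside this hunk.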