xDscWebService: UseSecurityBestPractices sets wrong Enabled Value

[ChristophHannappel]

Problem description

When using the UseSecurityBestPractices Parameter with $true the underlying Function Set-SChannelProtocol sets a wrong value for the Enabled DWord Property.

Currently the Function sets the value to 0xffffffff, but based on the documentation it should be 1
Quote from TLS 1.1

To disable the TLS 1.1 protocol, create an Enabled entry in the appropriate subkey. This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. To enable the protocol, change the DWORD value to 1.

We had an issue where a Netscaler Client was not able to create a Secure Connection while the enabled value was set to 0xffffffff, but could connect when it had been set to 1

Verbose logs

n/a

DSC configuration

n/a

Suggested solution

Change the Line $null = New-ItemProperty -Path $registryPath -Name Enabled -Value '0xffffffff' -PropertyType 'DWord' -Force
to
$null = New-ItemProperty -Path $registryPath -Name Enabled -Value '1' -PropertyType 'DWord' -Force

Operating system the target node is running

OsName               : Microsoft Windows Server 2012 R2 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsBuildLabEx    : 9600.20173.amd64fre.winblue_ltsb_escrow.211029-1700
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

Name                           Value                                                                                                                                                     
----                           -----                                                                                                                                                     
PSVersion                      5.1.14409.1018                                                                                                                                            
PSEdition                      Desktop                                                                                                                                                   
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                   
BuildVersion                   10.0.14409.1018                                                                                                                                           
CLRVersion                     4.0.30319.42000                                                                                                                                           
WSManStackVersion              3.0                                                                                                                                                       
PSRemotingProtocolVersion      2.3                                                                                                                                                       
SerializationVersion           1.1.0.1

xPSDesiredStateConfiguration version

Name                         Version Path                                                                                                           
----                         ------- ----                                                                                                           
xPSDesiredStateConfiguration 9.1.0   C:\Program Files\WindowsPowerShell\Modules\xPSDesiredStateConfiguration\9.1.0\xPSDesiredStateConfiguration.psd1