Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IIS site binding new SSL flags #627

Open
rtrocmn opened this issue Nov 23, 2023 · 0 comments
Open

IIS site binding new SSL flags #627

rtrocmn opened this issue Nov 23, 2023 · 0 comments
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.

Comments

@rtrocmn
Copy link

rtrocmn commented Nov 23, 2023

Problem description

DSC_WebBindingInformation SslFlags property supports only one of the SSL flags at a time and contains only None, Sni, and CentralCertStore
With Server 2022, new SSL flags have been added that can also be combined. The following SSL flags are new DisableHTTP2, DisableOCSPStp, DisableQUIC, DisableTLS13, DisableLegacyTLS

Verbose logs

only accepts 0,1,2,3

    [Write,Description("The type of binding used for Secure Sockets Layer (SSL) certificates. This property is supported in IIS 8.0 or later, and is only applicable for https bindings."),ValueMap{"0","1","2","3"},Values{"0","1","2","3"}] String SslFlags;

DSC configuration

DSC_WebBindingInformation {
                        Protocol              = 'https'
                        Port                  = '443'
                        HostName              = 'my.domain.com'
                        IPAddress             = '*'
                        CertificateStoreName  = 'WebHosting'
                        CertificateThumbprint = 'MyThumbPrint'
                        SslFlags              = 97 #SNI with DisableTLS13 and DisableLegacyTLS 
                    }

Suggested solution

Support for the new SSL flags and allowing the combination of these flags should be added

Operating system the target node is running

OsName               : Microsoft Windows Server 2022 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

PowerShell version and build the target node is running

PSVersion                      5.1.20348.2110
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.2110
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

WebAdministrationDsc version

WebAdministrationDsc 4.1.0   C:\Program Files\WindowsPowerShell\Modules\WebAdministrationDsc\4.1.0\WebAdministrationDsc.psd1
@johlju johlju added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. labels Nov 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johlju @rtrocmn