IIS site binding new SSL flags #627
Description
Problem description
DSC_WebBindingInformation SslFlags property supports only one of the SSL flags at a time and contains only None, Sni, and CentralCertStore
With Server 2022, new SSL flags have been added that can also be combined. The following SSL flags are new DisableHTTP2, DisableOCSPStp, DisableQUIC, DisableTLS13, DisableLegacyTLS
Verbose logs
only accepts 0,1,2,3
[Write,Description("The type of binding used for Secure Sockets Layer (SSL) certificates. This property is supported in IIS 8.0 or later, and is only applicable for https bindings."),ValueMap{"0","1","2","3"},Values{"0","1","2","3"}] String SslFlags;
DSC configuration
DSC_WebBindingInformation {
Protocol = 'https'
Port = '443'
HostName = 'my.domain.com'
IPAddress = '*'
CertificateStoreName = 'WebHosting'
CertificateThumbprint = 'MyThumbPrint'
SslFlags = 97 #SNI with DisableTLS13 and DisableLegacyTLS
}Suggested solution
Support for the new SSL flags and allowing the combination of these flags should be added
Operating system the target node is running
OsName : Microsoft Windows Server 2022 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage : en-US
OsMuiLanguages : {en-US}
PowerShell version and build the target node is running
PSVersion 5.1.20348.2110
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.20348.2110
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WebAdministrationDsc version
WebAdministrationDsc 4.1.0 C:\Program Files\WindowsPowerShell\Modules\WebAdministrationDsc\4.1.0\WebAdministrationDsc.psd1