Added new flags introduced in IIS 10 version 1809. #1064

Merged
merged 1 commit into from
Oct 24, 2024
Expand Up @@ -101,7 +101,7 @@ You can add `<binding>` elements within the `<bindings>` element for each site i
| --- | --- |
| `bindingInformation` | Required string attribute.<br><br>Specifies information to communicate with a site. For example, a Web site binding includes the IP address (or unspecified IP addresses), the port number, and an optional host header used to communicate with the site. |
| `protocol` | Required string attribute.<br><br>Specifies the protocol for communicating with a site. |
| `sslFlags` | Optional uint attribute.<br><br>Specifies the type of binding used for Secure Sockets Layer (SSL) certificates.<br><ul> <li>A value of "0" specifies that the secure connection be made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.</li> <li>A value of "1" specifies that the secure connection be made using the port number and the host name obtained by using Server Name Indication (SNI).</li> <li>A value of "2" specifies that the secure connection be made using the centralized SSL certificate store without requiring a Server Name Indicator.</li> <li>A value of "3" specifies that the secure connection be made using the centralized SSL certificate store while requiring Server Name Indicator</li></ul> Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate. <br><br> With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address. For more information, see [IIS 8.0 Server Name Indication (SNI): SSL Scalability](/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability). <br><br>The sslFlags attribute is only set when the protocol is **https**. The default value is `0`. |
| `sslFlags` | Optional `uint` attribute that works like flags type, with the following possible flags: <table> <tbody> <tr> <th>Value</th> <th>Description</th></tr> <tr> <th><code>0</code></th> <td>The secure connection made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.</td></tr> <tr> <th><code>1</code></th> <td>The secure connection made using the port number and the host name obtained by using Server Name Indication (SNI).</td></tr> <tr> <th><code>2</code></th> <td>The secure connection be made using the centralized SSL certificate store.</td></tr> <tr> <th><code>4</code></th> <td>Disable HTTP/2.</td></tr> <tr> <th><code>8</code></th> <td>Disable OCSP Stapling.</td></tr> <tr> <th><code>16</code></th> <td>Disable QUIC.</td></tr> <tr> <th><code>32</code></th> <td>Disable TLS 1.3 over TCP.</td></tr> <tr> <th><code>64</code></th> <td>Disable Legacy TLS.</td></tr> </tbody></table> Centralized SSL certificate support enables creating a centralized certificate store that can contain multiple certificate files. The certificate files can be named to correspond to the host names that they contain. This enables creating a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate. <br><br> With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the **Add Site Binding** dialog box when adding a binding with a type of HTTPS. This is useful for SSL connections that host multiple servers on a single network address. <br><br> Values greater than 4 are only supported in IIS 10 version 1809 and higher. The default value is `0`. |

### Child Elements

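Review bot: The rewritten `sslFlags` row never says how flag values combine, and the previously documented value `3` (centralized SSL certificate store while requiring SNI) is gone from the list. Since the attribute is now described as one that "works like flags type", add a sentence stating that values are combined by bitwise OR, with 3 = 1 + 2 as the example, so configurations that already use `3` stay documented. The closing sentence "Values greater than 4 are only supported in IIS 10 version 1809 and higher" is ambiguous for a bit field: it reads as excluding flag `4` (Disable HTTP/2) itself, and a combined value such as 5 (1 + 4) is greater than 4 without using any of the flags 8 through 64; name the individual flags that require version 1809 instead. The replacement also drops "The sslFlags attribute is only set when the protocol is **https**" and the link to the SNI article; restore both if their removal was not intended. Minor: the descriptions for 0, 1 and 2 read "The secure connection made using" and "The secure connection be made using" and need a verb, "works like flags type" would read better as "is a flags type", and the value cells use `<th>` where `<td>` is expected.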