
Support Modern SSLFlags #344

Open
rick-bennett opened this issue May 3, 2022 · 3 comments
@rick-bennett

Currently, if we manage IIS site bindings via the puppetlabs-iis module, but then want to Enable/Disable the more modern SSLFlags, such as disabling OCSP stapling, we're unable to do so at the server level. If we go into IIS and manually check the box within the MMC console to "Disable OCSP Stapling", that works, but during the next Puppet run, the change is reverted due to site binding management.

It would be great if the existing "SSLFlags" parameter could get retooled to support strings such as:
None, Sni, CentralCertStore, DisableHTTP2, DisableOCSPStp, DisableQUIC, DisableTLS13, DisableLegacyTLS

Or, even have it get a sibling parameter of "SSLFlag". Yeah, just using singular version of the name gets a little confusing, but the equivalent PowerShell argument is singular so I'm just tossing it out there (https://docs.microsoft.com/en-us/powershell/module/iisadministration/new-iissitebinding?view=windowsserver2022-ps).

We've thought about trying to feed in additional "SSLFlags" integers (for example, 9), but even if that worked, after a while it gets a little confusing as we began to think about that scaling out the various configurations we'd need to support all our web servers (we have a lot of snowflakes).

While not a high priority item, not being able to drop back to managing the setting manually (while still being able to manage the bindings via Puppet) is the main pain point.
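To illustrate the named-flag form requested above, here is an added Ruby sketch (not code from puppetlabs-iis or from the issue author) that maps flag names to the integer bitmask and back, and checks a binding for drift. The helper names are hypothetical, and the bit values are assumed to follow the IIS `SslFlags` enumeration, under which the "9" mentioned above would be `Sni` plus `DisableOCSPStp`; confirm them against the target IIS version.

```ruby
# Added illustration; not part of puppetlabs-iis.
# Assumption: bit values follow the IIS SslFlags enumeration.
SSL_FLAG_BITS = {
  'Sni'              => 1,
  'CentralCertStore' => 2,
  'DisableHTTP2'     => 4,
  'DisableOCSPStp'   => 8,
  'DisableQUIC'      => 16,
  'DisableTLS13'     => 32,
  'DisableLegacyTLS' => 64,
}.freeze

# Hypothetical helper: list of flag names -> integer stored on the binding.
def ssl_flags_to_int(names)
  names = Array(names).map(&:to_s)
  unknown = names - SSL_FLAG_BITS.keys - ['None']
  raise ArgumentError, "unknown SSL flag(s): #{unknown.join(', ')}" unless unknown.empty?
  if names.include?('None') && names.size > 1
    raise ArgumentError, "'None' cannot be combined with other flags"
  end
  names.reduce(0) { |acc, name| acc | SSL_FLAG_BITS.fetch(name, 0) }
end

# Hypothetical helper: integer read from the binding -> readable flag names.
# Rejects negative values and bits outside the known set instead of
# silently dropping them, so an unexpected setting is surfaced.
def int_to_ssl_flags(value)
  value = Integer(value)
  known_mask = SSL_FLAG_BITS.values.reduce(:|)
  if value.negative? || (value & ~known_mask) != 0
    raise ArgumentError, "value #{value} contains unknown flag bits"
  end
  return ['None'] if value.zero?
  SSL_FLAG_BITS.select { |_, bit| (value & bit) != 0 }.keys
end

# Drift check: does the binding's current integer match the desired names?
def ssl_flags_in_sync?(desired_names, current_int)
  ssl_flags_to_int(desired_names) == Integer(current_int)
end
```
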


@chelnak
Contributor

chelnak commented May 23, 2022

Hey @RFBennet! I think this is a great feature request and something I'd like to see in the module.

Is this something that you would be interested in having a go at?

If not it's certainly something we can add to our feature backlog!

@github-actions

Hello! 👋

This issue has been open for a while and has had no recent activity. We've labelled it with attention-needed so that we can get a clear view of which issues need our attention.

If you are waiting on a response from us we will try and address your comments on a future Community Day.

Alternatively, if it is no longer relevant to you please close the issue with a comment.

@github-actions

github-actions bot commented Jan 2, 2023

Hello! 👋

This issue has been open for a while and has had no recent activity. We've labelled it with attention-needed so that we can get a clear view of which issues need our attention.

If you are waiting on a response from us we will try and address your comments on a future Community Day.

Alternatively, if it is no longer relevant to you please close the issue with a comment.
