diff --git a/iis/configuration/system.applicationHost/sites/siteDefaults/bindings/binding.md b/iis/configuration/system.applicationHost/sites/siteDefaults/bindings/binding.md index df818112d..f94eb5be7 100644 --- a/iis/configuration/system.applicationHost/sites/siteDefaults/bindings/binding.md +++ b/iis/configuration/system.applicationHost/sites/siteDefaults/bindings/binding.md @@ -76,7 +76,7 @@ You can add default `` elements within the `` element in the | --- | --- | | `bindingInformation` | Required string attribute.

Specifies information to communicate with a site. For example, a Web site binding includes the IP address (or unspecified IP addresses), the port number, and an optional host header used to communicate with the site. | | `protocol` | Required string attribute.

Specifies the protocol for communicating with a site. | -| `sslFlags` | Optional uint attribute.

Specifies the type of binding used for Secure Sockets Layer (SSL) certificates.
Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address.

The default value is `0`. | +| `sslFlags` | Optional uint attribute but works like flags type, with the following possible flags.
Value Description
0 The secure connection be made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.
1 The secure connection be made using the port number and the host name obtained by using Server Name Indication (SNI).
2 The secure connection be made using the centralized SSL certificate store.
4 Disable HTTP/2.
8 Disable OCSP Stapling.
16 Disable QUIC.
32 Disable TLS 1.3 over TCP.
64 Disable Legacy TLS.
Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address.

Values greater than 4 are only supported in IIS 10 version 1809 and above. The default value is `0`. | ### Child Elements
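Review bot: In the added `sslFlags` row, "works like flags type" never says how values combine, and the closing sentence "Values greater than 4 are only supported in IIS 10 version 1809 and above" becomes ambiguous as a result. If the values are meant to be combined, a binding with flags 1 and 4 set has the value 5, which is "greater than 4" although it uses no flag above 4, and the sentence also leaves flag 4 (Disable HTTP/2) itself without a stated minimum version. Suggest stating that the attribute is the sum of the flags set, that 0 means no flag is set, and giving the version requirement per flag (for example "flags 8 and above require ..."). The rows for 0, 1 and 2 read "The secure connection be made ..." and are missing a verb ("is made"). "Disable Legacy TLS" should name the protocol versions it covers, since an administrator setting this on a binding needs to know exactly what is turned off. The plain "Value Description" list sits inside a table cell in the new text; please check that it renders as a nested table or list rather than running together.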