diff --git a/iis/configuration/system.applicationHost/sites/site/bindings/binding.md b/iis/configuration/system.applicationHost/sites/site/bindings/binding.md index c07086b2e..06882ccc9 100644 --- a/iis/configuration/system.applicationHost/sites/site/bindings/binding.md +++ b/iis/configuration/system.applicationHost/sites/site/bindings/binding.md @@ -101,7 +101,7 @@ You can add `` elements within the `` element for each site i | --- | --- | | `bindingInformation` | Required string attribute.

Specifies information to communicate with a site. For example, a Web site binding includes the IP address (or unspecified IP addresses), the port number, and an optional host header used to communicate with the site. | | `protocol` | Required string attribute.

Specifies the protocol for communicating with a site. | -| `sslFlags` | Optional uint attribute.

Specifies the type of binding used for Secure Sockets Layer (SSL) certificates.
Centralized SSL certificate support enables you to create a centralized certificate store that can contain multiple certificate files. You can name the certificate files to correspond to the host names that they contain. This enables you to create a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the Add Site Binding dialog box when you add a binding with a type of HTTPS. This is especially useful for SSL connections that host multiple servers on a single network address. For more information, see [IIS 8.0 Server Name Indication (SNI): SSL Scalability](/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability).

The sslFlags attribute is only set when the protocol is **https**. The default value is `0`. | +| `sslFlags` | Optional `uint` attribute that works like flags type, with the following possible flags:
Value Description
0 The secure connection made using an IP/Port combination. Only one certificate can be bound to a combination of IP address and the port.
1 The secure connection made using the port number and the host name obtained by using Server Name Indication (SNI).
2 The secure connection be made using the centralized SSL certificate store.
4 Disable HTTP/2.
8 Disable OCSP Stapling.
16 Disable QUIC.
32 Disable TLS 1.3 over TCP.
64 Disable Legacy TLS.
Centralized SSL certificate support enables creating a centralized certificate store that can contain multiple certificate files. The certificate files can be named to correspond to the host names that they contain. This enables creating a binding that only requires a port, rather than an IP/port or a host name/port combination. When a request comes in, IIS matches the port, determines the host name from the request, and searches the centralized certificate store for a certificate file with a matching name. It uses that certificate.

With a Server Name Indicator (SNI), the host name is exchanged as part of the SSL handshake. SNI is enabled in the **Add Site Binding** dialog box when adding a binding with a type of HTTPS. This is useful for SSL connections that host multiple servers on a single network address.

Values greater than 4 are only supported in IIS 10 version 1809 and higher. The default value is `0`. | ### Child Elements
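Review bot: In the new `sslFlags` cell, the closing sentence "Values greater than 4 are only supported in IIS 10 version 1809 and higher" leaves value 4 (Disable HTTP/2) without a stated minimum version, and although the cell says the attribute "works like flags type", it never says how values combine, so a reader cannot tell whether a combined value such as 3 (SNI plus centralized store) is valid. Suggest stating the version requirement per flag, or at least making the boundary explicit for 4, and adding one sentence that the listed values can be added together. The rewrite also drops the old sentence "The sslFlags attribute is only set when the protocol is **https**" and the link to the SNI scalability article; if that was not intentional, both are worth keeping. Two smaller points: the row for 2 reads "The secure connection be made using the centralized SSL certificate store" (missing verb, and rows 0 and 1 have the same clipped grammar), and "Disable Legacy TLS" (64) does not say which protocol versions count as legacy, which matters to anyone relying on this flag to enforce a TLS baseline.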