Merge pull request #2171 from microsoft/ShasagarUpdated-HCTLS1.3Fix
Don't show TLS 1.3 settings on unsupported OS #2062
dpaulson45 authored Aug 19, 2024
2 parents 05fc4c3 + c5475f8 commit 35e98b8
Showing 2 changed files with 9 additions and 3 deletions.
Expand Up @@ -49,6 +49,7 @@ function Invoke-AnalyzerSecuritySettings {
}

$tlsVersions = @("1.0", "1.1", "1.2", "1.3")
$tls13SupportedOS = @("Windows2012", "Windows2012R2", "Windows2016", "Windows2019") -notcontains $osInformation.BuildInformation.MajorVersion
$currentNetVersion = $osInformation.TLSSettings.Registry.NET["NETv4"]

$tlsSettings = $osInformation.TLSSettings.Registry.TLS
Expand All @@ -73,6 +74,7 @@ function Invoke-AnalyzerSecuritySettings {
$outputObjectDisplayValue.Add((NewDisplayObject "DisabledByDefault" -Location $currentTlsVersion.ServerRegistryPath -Value $currentTlsVersion.ServerDisabledByDefaultValue))
$outputObjectDisplayValue.Add((NewDisplayObject "Enabled" -Location $currentTlsVersion.ClientRegistryPath -Value $currentTlsVersion.ClientEnabledValue))
$outputObjectDisplayValue.Add((NewDisplayObject "DisabledByDefault" -Location $currentTlsVersion.ClientRegistryPath -Value $currentTlsVersion.ClientDisabledByDefaultValue))
$displayTlsSettings = $tlsKey -ne "1.3" -or ($tlsKey -eq "1.3" -and ($tls13SupportedOS -or ($currentTlsVersion.TLSConfiguration -ne "Disabled")))
$displayWriteType = "Green"

# Any TLS version is Misconfigured or Half Disabled is Red
Expand All @@ -94,7 +96,9 @@ function Invoke-AnalyzerSecuritySettings {
Details = $currentTlsVersion.TLSConfiguration
DisplayWriteType = $displayWriteType
}
Add-AnalyzedResultInformation @params
if ($displayTlsSettings) {
Add-AnalyzedResultInformation @params
}

$params = $baseParams + @{
OutColumns = ([PSCustomObject]@{
Expand All @@ -106,7 +110,9 @@ function Invoke-AnalyzerSecuritySettings {
HtmlName = "TLS Settings $tlsKey"
TestingName = "TLS Settings Group $tlsKey"
}
Add-AnalyzedResultInformation @params
if ($displayTlsSettings) {
Add-AnalyzedResultInformation @params
}
}

$netVersions = @("NETv4", "NETv2")
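Review bot: `$tls13SupportedOS` is computed from a deny-list with `-notcontains`, so any `MajorVersion` value outside the four listed names, including `$null` if the build information was not populated, evaluates to `$true` and is treated as TLS 1.3 capable. That direction keeps the TLS 1.3 rows visible, which is the safer default for a security report, but it should be stated next to the assignment, e.g. `# Deny-list: unknown or future OS values count as TLS 1.3 capable so the rows stay visible`. The `$displayTlsSettings` expression also repeats its own test: once `$tlsKey -ne "1.3"` is false the inner `$tlsKey -eq "1.3"` is always true, so it reduces to `$displayTlsSettings = $tlsKey -ne "1.3" -or $tls13SupportedOS -or ($currentTlsVersion.TLSConfiguration -ne "Disabled")`. The function body starts and ends outside these hunks, so whether a TLS 1.3 state other than "Disabled" on one of the listed OS versions is written as a warning rather than the default "Green" cannot be confirmed from here and is worth checking.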
Expand Up @@ -194,7 +194,7 @@ Describe "Testing Health Checker by Mock Data Imports" {
TestObjectMatch "TLS 1.0" "Misconfigured" -WriteType "Red"
TestObjectMatch "TLS 1.1" "Misconfigured" -WriteType "Red"
TestObjectMatch "TLS 1.2" "Enabled" -WriteType "Green"
TestObjectMatch "TLS 1.3" "Disabled" -WriteType "Green"
#TestObjectMatch "TLS 1.3" "Disabled" -WriteType "Green"

TestObjectMatch "Display Link to Docs Page" "True" -WriteType "Yellow"
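Review bot: Commenting out `TestObjectMatch "TLS 1.3" "Disabled" -WriteType "Green"` drops the only visible assertion on the TLS 1.3 row without adding one for the new behaviour, so a regression that shows or hides the row incorrectly would pass unnoticed. Delete the line rather than leaving it commented, and assert that no "TLS 1.3" entry is present in the results for this mock data. The other branch needs a case as well: a mock where TLS 1.3 is not "Disabled" on one of the listed OS versions should still produce the row. The `Describe` block starts and ends outside this hunk, so existing coverage elsewhere in the file is not visible here.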
