From 4aa7afe2c48121f380ad72517a6e31cddff138fd Mon Sep 17 00:00:00 2001 From: Shashank Agarwal Date: Thu, 15 Aug 2024 10:47:30 -0400 Subject: [PATCH 1/2] Update Invoke-AnalyzerSecuritySettings.ps1 --- .../Security/Invoke-AnalyzerSecuritySettings.ps1 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecuritySettings.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecuritySettings.ps1 index 44340d3a41..fde6653792 100644 --- a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecuritySettings.ps1 +++ b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecuritySettings.ps1 @@ -49,6 +49,7 @@ function Invoke-AnalyzerSecuritySettings { } $tlsVersions = @("1.0", "1.1", "1.2", "1.3") + $tls13SupportedOS = @("Windows2012", "Windows2012R2", "Windows2016", "Windows2019") -notcontains $osInformation.BuildInformation.MajorVersion $currentNetVersion = $osInformation.TLSSettings.Registry.NET["NETv4"] $tlsSettings = $osInformation.TLSSettings.Registry.TLS @@ -73,6 +74,7 @@ function Invoke-AnalyzerSecuritySettings { $outputObjectDisplayValue.Add((NewDisplayObject "DisabledByDefault" -Location $currentTlsVersion.ServerRegistryPath -Value $currentTlsVersion.ServerDisabledByDefaultValue)) $outputObjectDisplayValue.Add((NewDisplayObject "Enabled" -Location $currentTlsVersion.ClientRegistryPath -Value $currentTlsVersion.ClientEnabledValue)) $outputObjectDisplayValue.Add((NewDisplayObject "DisabledByDefault" -Location $currentTlsVersion.ClientRegistryPath -Value $currentTlsVersion.ClientDisabledByDefaultValue)) + $displayTlsSettings = $tlsKey -ne "1.3" -or ($tlsKey -eq "1.3" -and ($tls13SupportedOS -or ($currentTlsVersion.TLSConfiguration -ne "Disabled"))) $displayWriteType = "Green" # Any TLS version is Misconfigured or Half Disabled is Red 
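Review bot: `$tls13SupportedOS` in the first hunk reads like a list of supported systems, but it holds the boolean result of `-notcontains` against a list of OS versions that are treated as not supporting TLS 1.3. Renaming it, for example to `$isTls13SupportedOS`, and adding a comment such as `# TLS 1.3 is not available on these OS versions; a Disabled result there is expected and is hidden below` would make the later condition easier to audit. Because the check is a deny list, any `MajorVersion` value not in it (an empty one included) counts as TLS 1.3 capable and keeps the row visible. That looks like the intended safe default, but it is worth stating in the comment. Invoke-AnalyzerSecuritySettings starts and ends outside the hunk.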
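Review bot: The `$tlsKey -eq "1.3"` test inside the parentheses of `$displayTlsSettings` is redundant, because the right-hand side of the first `-or` is only evaluated when `$tlsKey -ne "1.3"` is already false. The line can be written as `$displayTlsSettings = $tlsKey -ne "1.3" -or $tls13SupportedOS -or $currentTlsVersion.TLSConfiguration -ne "Disabled"`. The comparison with the literal `"Disabled"` is the only thing deciding whether a TLS 1.3 row is dropped from the report on older systems. A short comment saying that every other `TLSConfiguration` value stays visible would let a reader confirm that misconfigured states are never hidden. The enclosing block continues outside the hunk.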
@@ -94,7 +96,9 @@ function Invoke-AnalyzerSecuritySettings { Details = $currentTlsVersion.TLSConfiguration DisplayWriteType = $displayWriteType } - Add-AnalyzedResultInformation @params + if ($displayTlsSettings) { + Add-AnalyzedResultInformation @params + } $params = $baseParams + @{ OutColumns = ([PSCustomObject]@{ @@ -106,7 +110,9 @@ function Invoke-AnalyzerSecuritySettings { HtmlName = "TLS Settings $tlsKey" TestingName = "TLS Settings Group $tlsKey" } - Add-AnalyzedResultInformation @params + if ($displayTlsSettings) { + Add-AnalyzedResultInformation @params + } } $netVersions = @("NETv4", "NETv2") From c5475f815d192a1ed075e937d8eb11b4735e5f89 Mon Sep 17 00:00:00 2001 From: Shashank Agarwal Date: Thu, 15 Aug 2024 14:31:55 -0400 Subject: [PATCH 2/2] Update HealthChecker.E19.Scenarios.Tests.ps1 modified /Diagnostics/HealthChecker/Tests/HealthChecker.E19.Scenarios.Tests.ps1 to comment out #TestObjectMatch "TLS 1.3" "Disabled" -WriteType "Green" --- .../HealthChecker/Tests/HealthChecker.E19.Scenarios.Tests.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Scenarios.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Scenarios.Tests.ps1 index f7fe439d9a..39f4c32452 100644 --- a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Scenarios.Tests.ps1 +++ b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Scenarios.Tests.ps1 @@ -194,7 +194,7 @@ Describe "Testing Health Checker by Mock Data Imports" { TestObjectMatch "TLS 1.0" "Misconfigured" -WriteType "Red" TestObjectMatch "TLS 1.1" "Misconfigured" -WriteType "Red" TestObjectMatch "TLS 1.2" "Enabled" -WriteType "Green" - TestObjectMatch "TLS 1.3" "Disabled" -WriteType "Green" + #TestObjectMatch "TLS 1.3" "Disabled" -WriteType "Green" TestObjectMatch "Display Link to Docs Page" "True" -WriteType "Yellow"
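Review bot: The same `if ($displayTlsSettings)` guard is wrapped around both `Add-AnalyzedResultInformation @params` calls (this hunk and the one at -106,7), while both `$params` hashtables are still built for a row that is then discarded. If this is a loop over `$tlsVersions` and nothing later in its body has to run for a hidden TLS 1.3 entry, a single `if (-not $displayTlsSettings) { continue }` right after the flag is computed would replace both guards. Neither assumption can be confirmed from the hunks. A suppressed row also leaves no trace in the output, so a line such as `Write-Verbose "TLS $tlsKey not displayed: Disabled on an OS without TLS 1.3 support"` would help when someone later asks why the report has no TLS 1.3 entry. The enclosing block starts and ends outside both hunks.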