SChannelDsc

1.6.0-preview0001

DSCResources/DSC_CipherSuites/en-US/about_CipherSuites.help.txt

                                .NAME

    CipherSuites

.DESCRIPTION

    This resource is responsible for enabling or disabling cipher suites.

.PARAMETER IsSingleInstance

    Key - String

    Allowed values: Yes

    Required parameter to enforce the resource is only added once

.PARAMETER CipherSuitesOrder

    Write - StringArray

    Specifies which Cipher Suites should be configured on the server

.PARAMETER Ensure

    Write - String

    Allowed values: Present, Absent

    Specifies if the specified Cipher Suites should be present or not

.PARAMETER RebootWhenRequired

    Write - Boolean

    Specifies if a reboot will be performed when required (Default: False)

.EXAMPLE 1

This example shows how to configure a secure Windows Server 2016 cipher

suites order.

Configuration Example

{

    param ()

    Import-DscResource -ModuleName SChannelDsc

    node localhost {

        CipherSuites ConfigureCipherSuites

        {

            IsSingleInstance  = 'Yes'

            CipherSuitesOrder = @(

                'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',

                'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',

                'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',

                'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',

                'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',

                'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',

                'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',

                'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',

                'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',

                'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',

                'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',

                'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',

                'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',

                'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',

                'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',

                'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',

                'TLS_RSA_WITH_AES_256_GCM_SHA384',

                'TLS_RSA_WITH_AES_128_GCM_SHA256',

                'TLS_RSA_WITH_AES_256_CBC_SHA256',

                'TLS_RSA_WITH_AES_128_CBC_SHA256',

                'TLS_RSA_WITH_AES_256_CBC_SHA',

                'TLS_RSA_WITH_AES_128_CBC_SHA',

                'TLS_RSA_WITH_3DES_EDE_CBC_SHA',

                'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256',

                'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256',

                'TLS_DHE_DSS_WITH_AES_256_CBC_SHA',

                'TLS_DHE_DSS_WITH_AES_128_CBC_SHA',

                'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA',

                'TLS_PSK_WITH_AES_256_GCM_SHA384',

                'TLS_PSK_WITH_AES_128_GCM_SHA256',

                'TLS_PSK_WITH_AES_256_CBC_SHA384',

                'TLS_PSK_WITH_AES_128_CBC_SHA256'

                )

            Ensure            = 'Present'

        }

    }

}