Merge pull request #1265 from MikeRayMSFT/master

Publish set-reset-tls.ps1

Author: MikeRayMSFT

samples/features/security/README.md

@@ -10,3 +10,5 @@
 [Azure SQL Security Demo](https://github.com/Microsoft/azure-sql-security-sample)
 
 [SQL 2016 Security Demo](contoso-clinic)
+
+[TLS 1.3 example](tls-1-3)

samples/features/security/tls-1-3/README.md

@@ -0,0 +1,5 @@
+# Enable TLS 1.3 for SQL Server
+
+[set-reset-tls.ps1](./set-reset-tls.ps1) demonstrates how you can set the registry setting to use specific encryption protocols.
+
+Learn more at [Transport Layer Security (TLS) registry settings](https://learn.microsoft.com/windows-server/security/tls/tls-registry-settings?tabs=diffie-hellman).

samples/features/security/tls-1-3/set-reset-tls.ps1

@@ -0,0 +1,27 @@
+# Learn more at https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings?tabs=diffie-hellman
+Set-StrictMode -Version Latest
+
+$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\'
+$protocols = [ordered]@{
+    "SSL 2.0" = $false
+    "SSL 3.0" = $false
+    "TLS 1.0" = $false
+    "TLS 1.1" = $false
+    "TLS 1.2" = $true
+    "TLS 1.3" = $true
+}
+
+foreach ($version in $protocols.Keys) {
+
+    $enabledValue = $protocols[$version]
+    $path = $base + $version + '\Server'
+
+    New-Item $path -Force | Out-Null
+    New-ItemProperty -Path $path `
+                     -Name 'Enabled' `
+                     -Value $enabledValue `
+                     -PropertyType 'DWord' `
+                     -Force | Out-Null
+                     
+    Write-Host "$version is $enabledValue."
+}