Hello,
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites
This key contains entries for individual cipher suites. By modifying these entries, you can enable or disable specific cipher suites.
This is the most relevant key for your purpose of restricting cipher suites used with EAP-TLS.
Modify Cipher Suite Entries:
Locate the specific cipher suite you want to enable or disable.
The cipher suite entries are named using a specific format (e.g., TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).
Set the Enabled DWORD value to 0 to disable the cipher suite or 1 to enable it.
Restart the Computer: After making changes, restart your computer for the settings to take effect.
Noted: Disabling certain cipher suites might affect compatibility with older or less secure devices and services. Ensure that the cipher suites you enable are compatible with your network infrastructure and client devices.
Best regards
Zunhui
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.