How to modify the TLS settings and cipher suites used for network authentication (EAP-TLS) on Windows?

roms77 0 Reputation points
2025-01-08T07:53:26.3033333+00:00

Hello,

I need to restrict ciphers used for network authentication (EAP-TLS) when connecting Windows 10/11 computers to the network.

I saw several registry key entries, but I am not sure I am using the correct one or whether they are used with EAP-TLS.

Can you please confirm:

  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites
  • HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

Any ideas?

Windows 10

1 answer

  1. Zunhui Han 2,790 Reputation points Microsoft Vendor
    2025-01-09T16:09:41.68+00:00

    Hello,

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\CipherSuites

    This key contains entries for individual cipher suites. By modifying these entries, you can enable or disable specific cipher suites.

    This is the most relevant key for your purpose of restricting cipher suites used with EAP-TLS.

    Modify Cipher Suite Entries:

    Locate the specific cipher suite you want to enable or disable.

    The cipher suite entries are named using a specific format (e.g., TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).

    Set the Enabled DWORD value to 0 to disable the cipher suite or 1 to enable it.

    Restart the Computer: After making changes, restart your computer for the settings to take effect.

    Note: Disabling certain cipher suites might affect compatibility with older or less secure devices and services. Ensure that the cipher suites you enable are compatible with your network infrastructure and client devices.

    Best regards

    Zunhui

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
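
A read-only check of the four registry locations listed in the question, added here as an example (it is not part of the original thread and not Microsoft's own code). It assumes the policy key keeps its list in a value named `Functions` and that the `Get-TlsCipherSuite` cmdlet is available on the machine; neither name appears in the thread.

```powershell
# Read-only audit of the registry locations named in the question; nothing is modified.
$hklm     = [Microsoft.Win32.Registry]::LocalMachine
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$policy   = 'SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'

# Walk a key recursively and report every "Enabled" value found beneath it.
# The .NET registry API is used so that subkey names containing "/" are read as-is.
function Get-EnabledValue {
    param([Microsoft.Win32.RegistryKey]$Key)
    $enabled = $Key.GetValue('Enabled', $null)
    if ($null -ne $enabled) {
        [pscustomobject]@{ Key = $Key.Name; Enabled = $enabled }
    }
    foreach ($name in $Key.GetSubKeyNames()) {
        $child = $Key.OpenSubKey($name)
        if ($null -ne $child) {
            try { Get-EnabledValue -Key $child } finally { $child.Close() }
        }
    }
}

foreach ($section in 'Protocols', 'CipherSuites', 'Ciphers') {
    $root = $hklm.OpenSubKey("$schannel\$section")
    if ($null -eq $root) { Write-Host "SCHANNEL\$section : key not present"; continue }
    try { Get-EnabledValue -Key $root | Format-Table -AutoSize | Out-Host } finally { $root.Close() }
}

$pol = $hklm.OpenSubKey($policy)
if ($null -eq $pol) {
    Write-Host 'Policy key SSL\00010002 : not present'
} else {
    try {
        # Assumption: the ordered list is stored in a value named "Functions",
        # either comma-separated (REG_SZ) or one suite per entry (REG_MULTI_SZ).
        $suites = @($pol.GetValue('Functions', @())) -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ }
        Write-Host "Policy key lists $(@($suites).Count) cipher suite(s):"
        $suites | ForEach-Object { Write-Host "  $_" }
    } finally { $pol.Close() }
}

# Ordered list of cipher suites TLS can use on this computer, for comparison with the keys above.
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    Get-TlsCipherSuite | ForEach-Object { $_.Name }
}
```

Running it before a change and again after the restart shows which of the keys actually altered the list the system reports.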
