Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Specify the TLS cipher suites to disable
Supported versions
- On Windows and macOS since 85 or later
Description
Configure the list of cipher suites that are disabled for TLS connections.
If you configure this policy, the list of configured cipher suites will not be used when establishing TLS connections.
If you don't configure this policy, the browser will choose which TLS cipher suites to use.
Cipher suite values to be disabled are specified as 16-bit hexadecimal values. The values are assigned by the Internet Assigned Numbers Authority (IANA) registry.
The TLS 1.3 cipher suite TLS_AES_128_GCM_SHA256 (0x1301) is required for TLS 1.3 and can't be disabled by this policy.
This policy does not affect QUIC-based connections. QUIC can be turned off via the QuicAllowed policy.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- List of strings
Windows information and settings
Group Policy (ADMX) info
- GP unique name: TLSCipherSuiteDenyList
- GP name: Specify the TLS cipher suites to disable
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
0x1303
0xcca8
0xcca9
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList
- Path (Recommended): N/A
- Value name: 1, 2, 3, ...
- Value type: List of REG_SZ
Example registry value
SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList\1 =
0x1303
SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList\2 =
0xcca8
SOFTWARE\Policies\Microsoft\Edge\TLSCipherSuiteDenyList\3 =
0xcca9
Mac information and settings
- Preference Key name: TLSCipherSuiteDenyList
- Example value:
<array>
<string>0x1303</string>
<string>0xcca8</string>
<string>0xcca9</string>
</array>