deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
Vinay Pamnani e25ccc0fb0 Update 2009 to 20H2
2024-08-06 13:15:20 -06:00

5.9 KiB
Raw Blame History

title, description, ms.date
title description ms.date
ADMX_CipherSuiteOrder Policy CSP Learn more about the ADMX_CipherSuiteOrder Area in Policy CSP. 08/06/2024

Policy CSP - ADMX_CipherSuiteOrder

[!INCLUDE ADMX-backed CSP tip]

SSLCipherSuiteOrder

Scope Editions Applicable OS
Device
User		 Pro
Enterprise
Education
Windows SE
IoT Enterprise / IoT Enterprise LTSC		 Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later
Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later
Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later		 
./Device/Vendor/MSFT/Policy/Config/ADMX_CipherSuiteOrder/SSLCipherSuiteOrder

This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).

  • If you enable this policy setting, SSL cipher suites are prioritized in the order specified.

  • If you disable or don't configure this policy setting, default cipher suite order is used.

Link for all the cipherSuites: https://go.microsoft.com/fwlink/?LinkId=517265

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

[!INCLUDE ADMX-backed policy note]

ADMX mapping:

Name Value
Name SSLCipherSuiteOrder
Friendly Name SSL Cipher Suite Order
Location Computer Configuration
Path Network > SSL Configuration Settings
Registry Key Name SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
ADMX File Name CipherSuiteOrder.admx

SSLCurveOrder

Scope Editions Applicable OS
Device
User		 Pro
Enterprise
Education
Windows SE
IoT Enterprise / IoT Enterprise LTSC		 Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later
Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later
Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later
Windows 11, version 21H2 [10.0.22000] and later		 
./Device/Vendor/MSFT/Policy/Config/ADMX_CipherSuiteOrder/SSLCurveOrder

This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.

  • If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line)

  • If you disable or don't configure this policy setting, the default ECC curve order is used.

Default Curve Order

curve25519 NistP256 NistP384

To See all the curves supported on the system, Use the following command:

CertUtil.exe -DisplayEccCurve.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

[!INCLUDE ADMX-backed policy note]

ADMX mapping:

Name Value
Name SSLCurveOrder
Friendly Name ECC Curve Order
Location Computer Configuration
Path Network > SSL Configuration Settings
Registry Key Name SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
ADMX File Name CipherSuiteOrder.admx

Related articles

Policy configuration service provider