windows-itpro-docs/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
nimishasatapathy 4fa1b3ca16 Updated
2021-09-28 11:35:38 +05:30


title description ms.author ms.localizationpriority ms.topic ms.prod ms.technology author ms.date ms.reviewer manager
Policy CSP - ADMX_CipherSuiteOrder Policy CSP - ADMX_CipherSuiteOrder dansimp medium article w10 windows manikadhiman 08/17/2020 dansimp

Policy CSP - ADMX_CipherSuiteOrder

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.


ADMX_CipherSuiteOrder policies

ADMX_CipherSuiteOrder/SSLCipherSuiteOrder
ADMX_CipherSuiteOrder/SSLCurveOrder

ADMX_CipherSuiteOrder/SSLCipherSuiteOrder

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

  • Device

This policy setting determines the cipher suites used by the Secure Sockets Layer (SSL).

If you enable this policy setting, SSL cipher suites are prioritized in the order specified.

If you disable or do not configure this policy setting, the default cipher suite order is used.

For information about supported cipher suites, see Cipher Suites in TLS/SSL (Schannel SSP).

ADMX Info:

  • GP Friendly name: SSL Cipher Suite Order
  • GP name: SSLCipherSuiteOrder
  • GP path: Network/SSL Configuration Settings
  • GP ADMX file name: CipherSuiteOrder.admx
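
The Tip at the top of this page says the SyncML must use <Format>chr</Format> and carry an XML-encoded payload, or CDATA where the MDM supports it. The following Python is an added example, not part of the original documentation: it builds a Replace command for SSLCipherSuiteOrder both ways and confirms that a receiver decodes the same payload from each. Assumptions: the function names are hypothetical, DATA_ID is a placeholder for the element id defined in CipherSuiteOrder.admx, the comma-separated sample order is constructed, and the LocURI follows the usual ./Device/Vendor/MSFT/Policy/Config/<area>/<policy> layout.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = "SYNCML:SYNCML1.2"
AREA = "ADMX_CipherSuiteOrder"
# Placeholder: take the real element id from CipherSuiteOrder.admx.
DATA_ID = "ELEMENT_ID_FROM_ADMX"
# Constructed sample value; the comma-separated form is an assumption.
SAMPLE_ORDER = ("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,"
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")


def admx_payload(data_id, value):
    """Inner ADMX payload: enable the policy and set one text element."""
    attr = escape(value, {'"': "&quot;"})
    return f'<enabled/><data id="{data_id}" value="{attr}"/>'


def replace_cmd(policy, payload, use_cdata=False, cmd_id=1):
    """Wrap the payload in a SyncML Replace command with Format chr."""
    if use_cdata:
        if "]]>" in payload:  # would terminate the CDATA section early
            raise ValueError("payload contains ']]>'; XML-encode it instead")
        data = f"<![CDATA[{payload}]]>"
    else:
        data = escape(payload)  # & < > become entities
    uri = f"./Device/Vendor/MSFT/Policy/Config/{AREA}/{policy}"
    return (f'<SyncML xmlns="{NS}"><SyncBody><Replace>'
            f"<CmdID>{cmd_id}</CmdID><Item>"
            f"<Meta><Format>chr</Format></Meta>"
            f"<Target><LocURI>{uri}</LocURI></Target>"
            f"<Data>{data}</Data></Item></Replace><Final/></SyncBody></SyncML>")


def decode(syncml):
    """Parse as a receiver would and return (format, loc_uri, payload)."""
    item = ET.fromstring(syncml).find(f".//{{{NS}}}Item")
    return tuple(item.find(f".//{{{NS}}}{tag}").text
                 for tag in ("Format", "LocURI", "Data"))


if __name__ == "__main__":
    inner = admx_payload(DATA_ID, SAMPLE_ORDER)
    for cdata in (False, True):
        msg = replace_cmd("SSLCipherSuiteOrder", inner, use_cdata=cdata)
        print(msg, "\n")
        assert decode(msg)[2] == inner  # both forms decode to the same payload
```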


ADMX_CipherSuiteOrder/SSLCurveOrder

Edition Windows 10 Windows 11
Home No No
Pro No No
Business No No
Enterprise Yes Yes
Education Yes Yes

Scope:

  • Device

This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.

If you enable this policy setting, ECC curves are prioritized in the order specified. Enter one curve name per line.

If you disable or do not configure this policy setting, the default ECC curve order is used.

The default curve order is as follows:

  • curve25519
  • NistP256
  • NistP384

To see all the curves supported on the system, enter the following command:

CertUtil.exe -DisplayEccCurve

ADMX Info:

  • GP Friendly name: ECC Curve Order
  • GP name: SSLCurveOrder
  • GP path: Network/SSL Configuration Settings
  • GP ADMX file name: CipherSuiteOrder.admx