Enable a TLS 1.3 security feature for local trust anchors (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge 85.

This policy doesn't work because it was only intended to be a short-term mechanism to give enterprises more time to upgrade affected proxies.

This policy controls a security feature in TLS 1.3 that protects connections against downgrade attacks. The feature is backwards-compatible and does not affect connections to compliant TLS 1.2 servers or proxies. However, older versions of some TLS-intercepting proxies have an implementation flaw that makes them incompatible with it.

If you enable this policy or don't set it, Microsoft Edge will enable these security protections for all connections.

If you disable this policy, Microsoft Edge will disable these security protections for connections authenticated with locally-installed CA certificates. These protections are always enabled for connections authenticated with publicly-trusted CA certificates.

This policy can be used to test for any affected proxies and upgrade them. Affected proxies are expected to fail connections with an error code of ERR_TLS13_DOWNGRADE_DETECTED.

Supported on: Microsoft Edge version 81-85, Windows 7 or later

Registry Hive: HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Registry Path: Software\Policies\Microsoft\Edge
Value Name: TLS13HardeningForLocalAnchorsEnabled
Value Type: REG_DWORD
Enabled Value: 1
Disabled Value: 0
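
An added example, not part of the original policy documentation: a PowerShell check that reads the value above from both hives and reports what each setting meant on Microsoft Edge 81-85, so that a leftover 0 from proxy testing can be found and cleaned up. The function name Get-Tls13HardeningPolicy and the output field names are hypothetical.

```powershell
# Added example: audit the obsolete TLS13HardeningForLocalAnchorsEnabled policy.
# Registry path and value name are taken from this page; everything else is illustrative.
$policyPath = 'Software\Policies\Microsoft\Edge'
$valueName  = 'TLS13HardeningForLocalAnchorsEnabled'

function Get-Tls13HardeningPolicy {
    param(
        # PowerShell drive names for HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER
        [string[]]$Hives = @('HKLM', 'HKCU')
    )

    foreach ($hive in $Hives) {
        $key  = "${hive}:\$policyPath"
        # Returns $null when the key or the value does not exist
        $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue

        if ($null -eq $item) {
            $raw     = $null
            $state   = 'NotSet'
            $meaning = 'Not configured: protections enabled for all connections'
        } else {
            $raw = $item.$valueName
            switch ($raw) {
                1       { $state = 'Enabled'
                          $meaning = 'Protections enabled for all connections' }
                0       { $state = 'Disabled'
                          $meaning = 'Protections were disabled for locally-installed CA certificates (Edge 81-85 only)' }
                default { $state = 'Unexpected'
                          $meaning = 'Value is neither 0 nor 1; review how it was set' }
            }
        }

        [pscustomobject]@{
            Hive     = $hive
            Key      = $key
            RawValue = $raw
            State    = $state
            Meaning  = $meaning
        }
    }
}

# Report both hives; a 'Disabled' row marks a stale setting that no longer has any effect
Get-Tls13HardeningPolicy | Format-Table -AutoSize -Wrap
```

A 'Disabled' result on a machine running a version after Microsoft Edge 85 indicates a stale setting: the policy no longer takes effect, so any proxy that relied on it will fail connections with ERR_TLS13_DOWNGRADE_DETECTED until it is upgraded.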

msedge.admx