Specify the TLS cipher suites to disable

Configure the list of cipher suites that are disabled for TLS connections.

If you configure this policy, the list of configured cipher suites will not be used when establishing TLS connections.

If you don't configure this policy, the browser will choose which TLS cipher suites to use.

Cipher suite values to be disabled are specified as 16-bit hexadecimal values. The values are assigned by the Internet Assigned Numbers Authority (IANA) registry.

The TLS 1.3 cipher suite TLS_AES_128_GCM_SHA256 (0x1301) is required for TLS 1.3 and can't be disabled by this policy.

This policy does not affect QUIC-based connections. QUIC can be turned off via the 'QuicAllowed' (Allow QUIC protocol) policy.

Example value:


Supported on: Microsoft Edge version 85, Windows 7 or later

Specify the TLS cipher suites to disable

Registry PathSoftware\Policies\Microsoft\Edge\TLSCipherSuiteDenyList
Value Name{number}
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)