Configure the list of cipher suites that are disabled for TLS connections.
If you configure this policy, the list of configured cipher suites will not be used when establishing TLS connections.
If you don't configure this policy, the browser will choose which TLS cipher suites to use.
Cipher suite values to be disabled are specified as 16-bit hexadecimal values. The values are assigned by the Internet Assigned Numbers Authority (IANA) registry.
The TLS 1.3 cipher suite TLS_AES_128_GCM_SHA256 (0x1301) is required for TLS 1.3 and can't be disabled by this policy.
This policy does not affect QUIC-based connections. QUIC can be turned off via the 'QuicAllowed' (Allow QUIC protocol) policy.
Example value:
0x1303
0xcca8
0xcca9
Registry Hive | HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER |
Registry Path | Software\Policies\Microsoft\Edge\TLSCipherSuiteDenyList |
Value Name | {number} |
Value Type | REG_SZ |
Default Value |