AES 256/256

Enables or disables the use of AES 256/256. Note that in order for Windows 2003 to support AES-256, hotfix KB948963 must be installed.

Changing this setting will have an effect on whether the following ciphers can be selected for use:

TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256

Supported on: At least Windows Server 2003

Registry Hive	HKEY_LOCAL_MACHINE
Registry Path	SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256
Value Name	Enabled
Value Type	REG_DWORD
Enabled Value	4294967295
Disabled Value	0

schannel.admx

Administrative Templates (Computers)

Network
- SChannel Configuration Settings
  - Cipher Suites
  - Hashes
  - Key Exchange Algorithms
  - Protocols
  - SChannel Logging
    - SChannel Logging
- SSL Configuration Settings
  - Ciphers
    - Weak Ciphers
      - DES 56/56
      - NULL
      - RC2 40/128
      - RC2 56/128
      - RC2 128/128
      - RC4 40/128
      - RC4 56/128
      - RC4 64/128
      - RC4 128/128
    - AES 128/128
    - AES 256/256
    - Triple DES 168
  - Hashes
    - MD5
    - SHA-256
    - SHA-384
    - SHA-512
    - SHA
  - Key Exchanges
    - Diffie-Hellman
    - ECDH
    - PKCS
  - Protocols
    - Weak Protocols
    - TLS 1.0
    - TLS 1.1
    - TLS 1.2