en-US

Prefer specific encryption cipher algorithms for TLS

Supported on: Microsoft Windows 7 or later

Registry

HKLM Software\Policies\Google\Chrome
HKCU Software\Policies\Google\Chrome

Options

PreferSlowCiphers enum
  • Prefer ciphers satisfying the requirements of CNSA 1.0 and 2.0 -> cnsa
  • Use Google Chrome's default cipher order -> default

Description

This policy configures Google Chrome to order its preferred encryption ciphers in TLS 1.3 to reflect a preference for algorithms that have been approved by a specific compliance regime. Setting this policy does not guarantee that any specific algorithms will be negotiated. This policy exists to allow server operators who wish to support clients with and without compliance requirements to differentiate between those clients, and only use certain non-default algorithms with increased cryptographic strength for those explicitly configured to prefer them. Setting the policy to 'cnsa' configures Google Chrome to prefer ciphers required for compliance with the Commercial National Security Algorithm Suite versions 1.0 and 2.0 (CNSA 1.0 and 2.0). Not setting the policy, or setting it to 'default', configures Google Chrome to use its default ciphers. Setting this policy is not required for security. The default cryptography used by Google Chrome is strong enough to withstand a brute force attack using the entire power of the Sun. Setting this policy will cause Google Chrome to be slower when accessing websites. This policy only affects TLS 1.3 and QUIC; it does not affect earlier versions of TLS. Example value: cnsa