Prefer specific encryption cipher algorithms for TLS
Supported on: Microsoft Windows 7 or later
Registry
Software\Policies\Google\Chrome Software\Policies\Google\Chrome Options
PreferSlowCiphers enum - Prefer ciphers satisfying the requirements of CNSA 1.0 and 2.0
->
cnsa - Use Google Chrome's default cipher order
->
default
Description
This policy configures Google Chrome to order its preferred encryption ciphers in TLS 1.3 to reflect a preference for algorithms that have been approved by a specific compliance regime. Setting this policy does not guarantee that any specific algorithms will be negotiated. This policy exists to allow server operators who wish to support clients with and without compliance requirements to differentiate between those clients, and only use certain non-default algorithms with increased cryptographic strength for those explicitly configured to prefer them. Setting the policy to 'cnsa' configures Google Chrome to prefer ciphers required for compliance with the Commercial National Security Algorithm Suite versions 1.0 and 2.0 (CNSA 1.0 and 2.0). Not setting the policy, or setting it to 'default', configures Google Chrome to use its default ciphers. Setting this policy is not required for security. The default cryptography used by Google Chrome is strong enough to withstand a brute force attack using the entire power of the Sun. Setting this policy will cause Google Chrome to be slower when accessing websites. This policy only affects TLS 1.3 and QUIC; it does not affect earlier versions of TLS. Example value: cnsa