Prefer specific encryption cipher algorithms for TLS

Options

Description

This policy configures Microsoft Edge to order its preferred encryption ciphers in TLS 1.3 based on algorithms approved by a specific compliance regime. Setting this policy does not guarantee that any specific algorithms will be negotiated. This policy allows server operators who support both compliant and non-compliant clients to differentiate between them, and use certain non-default algorithms with increased cryptographic strength only for clients explicitly configured to prefer them. Setting the policy to 'cnsa' configures Microsoft Edge to prefer ciphers required for compliance with the Commercial National Security Algorithm Suite versions 1.0 and 2.0 (CNSA 1.0 and 2.0). Not setting the policy, or setting it to 'default', configures Microsoft Edge to use its default ciphers. Setting this policy isn't required for security. The default cryptography used by Microsoft Edge is strong enough to withstand a brute-force attack using the entire power of the Sun. Setting this policy will cause Microsoft Edge to be slower when accessing websites. This policy only affects TLS 1.3 and QUIC. It doesn't affect earlier versions of TLS. Policy options mapping: * CNSA (cnsa) = Prefer ciphers satisfying the requirements of CNSA 1.0 and 2.0 * Default (default) = Use Microsoft Edge's default cipher order Use the preceding information when configuring this policy. Example value: cnsa