Prefer specific key exchange algorithms for TLS

Supported on: Microsoft Edge version 146, Windows 7 or later

Registry

HKLM Software\Policies\Microsoft\Edge
HKCU Software\Policies\Microsoft\Edge

Options

PreferSlowKexAlgorithms enum
  • Prefer key exchange methods satisfying the requirements of CNSA 2.0 -> cnsa2
  • Use Microsoft Edge's default supported groups -> default

Description

This policy configures Microsoft Edge to prioritize certain key agreement algorithms (supported groups) in TLS 1.3 based on compliance requirements.

If you set this policy to 'cnsa2', Microsoft Edge prefers the algorithms required for the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0). If you leave this policy unset or set it to 'default', the browser uses its standard key exchange order.

This policy does not guarantee negotiation of a specific algorithm. It is designed to help server operators distinguish clients with compliance requirements and apply higher-strength, non-default algorithms only when appropriate. This policy applies only to TLS 1.3 and QUIC.

The default cryptography used by Microsoft Edge already provides strong security, but enabling this policy may reduce performance when accessing websites.

Policy options mapping:

  • CNSA2.0 (cnsa2) = Prefer key exchange methods satisfying the requirements of CNSA 2.0
  • Default (default) = Use Microsoft Edge's default supported groups

Use the preceding information when configuring this policy.

Example value: cnsa2
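The description says the policy lets server operators distinguish clients with compliance requirements. The following sketch of that server-side check is an added example, not code from Microsoft or Edge: it reads the client's supported_groups preference order from a TLS 1.3 ClientHello extensions block. The `CNSA2_GROUPS` set, the function names and both sample byte strings are assumptions constructed for illustration; this page does not list the groups Edge actually sends.

```python
import struct

# IANA "TLS Supported Groups" code points (subset).
GROUP_NAMES = {
    0x0017: "secp256r1", 0x0018: "secp384r1", 0x0019: "secp521r1",
    0x001D: "x25519", 0x0201: "MLKEM768", 0x0202: "MLKEM1024",
    0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
    0x11ED: "SecP384r1MLKEM1024",
}
# Assumption: the groups this server treats as CNSA 2.0 (ML-KEM-1024 based).
CNSA2_GROUPS = {0x0202, 0x11ED}
SUPPORTED_GROUPS_EXT = 10  # extension type of supported_groups

def is_grease(code_point: int) -> bool:
    # RFC 8701 GREASE values (0x0A0A, 0x1A1A, ...) carry no preference.
    return (code_point & 0x0F0F) == 0x0A0A and (code_point >> 8) == (code_point & 0xFF)

def supported_groups(extensions: bytes) -> list[int]:
    """Groups in client preference order, from a ClientHello extensions
    block (the bytes after its 2-byte total-length prefix)."""
    pos = 0
    while pos + 4 <= len(extensions):
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4 : pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension")
        pos += 4 + ext_len
        if ext_type != SUPPORTED_GROUPS_EXT:
            continue
        if ext_len < 2:
            raise ValueError("malformed supported_groups")
        (list_len,) = struct.unpack_from("!H", body)
        if list_len != ext_len - 2 or list_len % 2:
            raise ValueError("malformed supported_groups")
        groups = struct.unpack_from(f"!{list_len // 2}H", body, 2)
        return [g for g in groups if not is_grease(g)]
    return []

def prefers_cnsa2(extensions: bytes) -> bool:
    # Only the first real preference counts; merely offering a group
    # further down the list does not signal the policy.
    groups = supported_groups(extensions)
    return bool(groups) and groups[0] in CNSA2_GROUPS

def group_names(extensions: bytes) -> list[str]:
    return [GROUP_NAMES.get(g, hex(g)) for g in supported_groups(extensions)]

# Constructed samples: supported_versions, then supported_groups.
SAMPLE_CNSA2 = bytes.fromhex("002b0003020304" "000a000e000c2a2a11ed020211ec001d0018")
SAMPLE_DEFAULT = bytes.fromhex("002b0003020304" "000a000c000a2a2a11ec001d00170018")
```

Because the policy does not guarantee negotiation of a specific algorithm, a check like this only indicates client preference; the server still selects the group.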