Forum Discussion
TLS Cipher Suite Deny List management policy
I really don't understand what you mean by that, but blocking ciphers can have heavy consequences on your internet navigation, so (I don't know how you will do that), but if you are aware of that, I would recommend blocking only ciphers that don't support "Perfect Forward Secrecy", but leave this config in a "test" configuration for some time to be sure you don't break something by accident.
Thanks for your response.
For example, if I would like to block all cipher suites not offering PFS, it would be a mess to configure. There are 350 different ciphers registered at IANA, two thirds of them without PFS.
Would be good to know which of the 350 ciphers are supported by MS Edge and filter them for the unwanted ones.
I read somewhere else that Edge now comes with its own crypto library and no longer relies on SCHANNEL. Therefore, SCHANNEL restrictions no longer apply to MS Edge, but do for IE.
- Johannes Goerlich, Nov 03, 2021, Brass Contributor
Eric posted the solution over there https://github.com/MicrosoftDocs/Edge-Enterprise/issues/254
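
An added example, not part of the original thread or of Microsoft's documentation: one way to derive a deny list of non-PFS suites from their IANA names, restricted to the suites a browser actually offers. The registry rows and the `OFFERED` set are constructed samples, the function names are hypothetical, and the `0x002f`-style output assumes the policy takes 16-bit hex code points.

```python
import re

# Constructed sample: (code point, IANA name) rows from the TLS Cipher Suites
# registry. A real run would load the full registry export instead.
REGISTRY = [
    (0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
    (0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"),
    (0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"),
    (0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"),
    (0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
    (0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"),
    (0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"),
    (0x1301, "TLS_AES_128_GCM_SHA256"),
    (0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"),
    (0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    (0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"),
    (0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"),
]

# Hypothetical set of code points the browser offers, e.g. read from a
# captured ClientHello. Constructed for this example.
OFFERED = {0x1301, 0xC02F, 0xCCA8, 0xC013, 0x009C, 0x002F, 0x0035}


def has_pfs(name):
    """Return True/False for a cipher suite, None for signaling values (SCSV)."""
    if name.endswith("_SCSV"):
        return None  # not a cipher suite, nothing to allow or deny
    match = re.match(r"TLS_(.+?)_WITH_", name)
    if match is None:
        # TLS 1.3 style name: the key exchange is not part of the suite,
        # and full handshakes use ephemeral (EC)DHE.
        return True
    # Only ephemeral Diffie-Hellman key exchanges give forward secrecy;
    # static RSA, ECDH, DH, PSK, SRP and KRB5 do not.
    return match.group(1).startswith(("ECDHE", "DHE"))


def build_deny_list(registry, offered):
    """Hex code points (assumed policy format) of offered suites without PFS."""
    deny = [cp for cp, name in registry
            if cp in offered and has_pfs(name) is False]
    return [f"0x{cp:04x}" for cp in sorted(deny)]


if __name__ == "__main__":
    print(build_deny_list(REGISTRY, OFFERED))
```

Filtering against the offered set first keeps the list short: suites the browser never proposes do not need a deny entry.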