Forum Discussion

Johannes Goerlich's avatar
Johannes Goerlich
Brass Contributor
Jan 25, 2021
Solved

TLS Cipher Suite Deny List management policy

Hello,   in v85 support for the TLS Cipher Suite Deny List management policy was added. I have a hard time to use the TLS Cipher Suite Deny List management policy. The list of IANA cipher suites is...
  • Johannes Goerlich's avatar
    Johannes Goerlich
    Nov 03, 2021

    Eric posted the solution over there https://github.com/MicrosoftDocs/Edge-Enterprise/issues/254

Johannes Goerlich's avatar
Johannes Goerlich
Brass Contributor
Jan 26, 2021

Thanks for your response.

For example, if i like to block all cipher suites not offering PFS, it would be a mess to configure. There are 350 different ciphers registered at IANA, two third of them without PFS.

Would be good to know which of the 350 ciphers are supported by MS Edge and filter them for the unwanted ones.

I read somewhere else, that Edge comes now with an own crypto library and does no longer relay on SCHANNEL. Therefore, schannel restrictions do no longer apply for MS Edge, but do for IE.

Johannes Goerlich's avatar
Johannes Goerlich
Brass Contributor
Nov 03, 2021

Eric posted the solution over there https://github.com/MicrosoftDocs/Edge-Enterprise/issues/254

Resources