Edit

Share via


CECPQ2Enabled

CECPQ2 post-quantum key-agreement enabled for TLS (obsolete)

OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge version 113.

Supported versions

  • On Windows and macOS since 93, until 113

Description

This policy was removed in Microsoft Edge 114 and is ignored if set. It served to disable CECPQ2, but CECPQ2 has been disabled by default. A separate policy will be introduced to control the rollout of the replacement of CECPQ2. That replacement will be a combination of the standard key-agreement X25519 with NIST's chosen post-quantum KEM, called "Kyber".

If this policy is not configured, or is set to enabled, then Microsoft Edge will follow the default rollout process for CECPQ2, a post-quantum key-agreement algorithm in TLS.

CECPQ2 results in larger TLS messages which, in very rare cases, can trigger bugs in some networking hardware. This policy can be set to False to disable CECPQ2 while networking issues are resolved.

This policy is a temporary measure and will be removed in future versions of Microsoft Edge.

Supported features

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data type

  • Boolean

Windows information and settings

Group Policy (ADMX) info

  • GP unique name: CECPQ2Enabled
  • GP name: CECPQ2 post-quantum key-agreement enabled for TLS (obsolete)
  • GP path (Mandatory): Administrative Templates/Microsoft Edge
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx

Example value

Enabled

Registry settings

  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value name: CECPQ2Enabled
  • Value type: REG_DWORD

Example registry value

0x00000001

Mac information and settings

  • Preference Key name: CECPQ2Enabled
  • Example value:
<true/>

See also