Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
CECPQ2 post-quantum key-agreement enabled for TLS (obsolete)
OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge version 113.
Supported versions
- On Windows and macOS since 93, until 113
Description
This policy was removed in Microsoft Edge 114 and is ignored if set. It served to disable CECPQ2, but CECPQ2 has been disabled by default. A separate policy will be introduced to control the rollout of the replacement of CECPQ2. That replacement will be a combination of the standard key-agreement X25519 with NIST's chosen post-quantum KEM, called "Kyber".
If this policy is not configured, or is set to enabled, then Microsoft Edge will follow the default rollout process for CECPQ2, a post-quantum key-agreement algorithm in TLS.
CECPQ2 results in larger TLS messages which, in very rare cases, can trigger bugs in some networking hardware. This policy can be set to False to disable CECPQ2 while networking issues are resolved.
This policy is a temporary measure and will be removed in future versions of Microsoft Edge.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: CECPQ2Enabled
- GP name: CECPQ2 post-quantum key-agreement enabled for TLS (obsolete)
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Enabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: CECPQ2Enabled
- Value type: REG_DWORD
Example registry value
0x00000001
Mac information and settings
- Preference Key name: CECPQ2Enabled
- Example value:
<true/>