Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
TLS Encrypted ClientHello Enabled
Supported versions
- On Windows and macOS since 108 or later
Description
Encrypted ClientHello (ECH) is an extension to TLS that encrypts the sensitive fields of ClientHello to improve privacy.
If ECH is enabled, Microsoft Edge might or might not use ECH depending on server support, the availability of the HTTPS DNS record, or the rollout status.
If you enable or do not configure this policy, Microsoft Edge will follow the default rollout process for ECH.
If this policy is disabled, Microsoft Edge will not enable ECH.
Because ECH is an evolving protocol, Microsoft Edge's implementation is subject to change.
As such, this policy is a temporary measure to control the initial experimental implementation. It will be replaced with final controls as the protocol finalizes.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: EncryptedClientHelloEnabled
- GP name: TLS Encrypted ClientHello Enabled
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Enabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: EncryptedClientHelloEnabled
- Value type: REG_DWORD
Example registry value
0x00000001
Mac information and settings
- Preference Key name: EncryptedClientHelloEnabled
- Example value:
<true/>