Edit

Share via


PostQuantumKeyAgreementEnabled

Enable post-quantum key agreement for TLS

Supported versions

  • On Windows and macOS since 120 or later

Description

This policy configures whether Microsoft Edge will offer a post-quantum key agreement algorithm in TLS. This lets supporting servers protect user traffic from being decrypted by quantum computers.

If you enable this policy, Microsoft Edge will offer a post-quantum key agreement in TLS connections. TLS connections will be protected from quantum computers when communicating with compatible servers.

If you disable this policy, Microsoft Edge will not offer a post-quantum key agreement in TLS connections. User traffic will be unprotected from decryption by quantum computers.

If you don't configure this policy, Microsoft Edge will follow the default rollout process for offering a post-quantum key agreement.

Offering a post-quantum key agreement is backwards-compatible. Existing TLS servers and networking middleware are expected to ignore the new option and continue selecting previous options.

However, devices that don't implement TLS correctly may malfunction when offered the new option. For example, they might disconnect in response to unrecognized options or the resulting larger messages. These devices are not post-quantum-ready and will interfere with an enterprise's post-quantum transition. If this issue is encountered, administrators should contact the vendor for a fix.

This policy is a temporary measure and will be removed in future versions of Microsoft Edge. You can enable it to test for issues and you can disable it while you resolve issues.

Supported features

  • Can be mandatory: Yes
  • Can be recommended: No
  • Dynamic Policy Refresh: Yes
  • Per Profile: No
  • Applies to a profile that is signed in with a Microsoft account: Yes

Data type

  • Boolean

Windows information and settings

Group Policy (ADMX) info

  • GP unique name: PostQuantumKeyAgreementEnabled
  • GP name: Enable post-quantum key agreement for TLS
  • GP path (Mandatory): Administrative Templates/Microsoft Edge
  • GP path (Recommended): N/A
  • GP ADMX file name: MSEdge.admx

Example value

Enabled

Registry settings

  • Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
  • Path (Recommended): N/A
  • Value name: PostQuantumKeyAgreementEnabled
  • Value type: REG_DWORD

Example registry value

0x00000001

Mac information and settings

  • Preference Key name: PostQuantumKeyAgreementEnabled
  • Example value:
<true/>

See also