Configured ECC Curve Order Not Being Honored/Followed

  • Question

  • Hello,

    I have configured my ECC Curve Order through gpedit.msc and have specified many curves and have placed nist and secp type curves below brainpool, curve25519, and others but it is not being honored.  When I view connections to various resources I only see secp curves listed for Microsoft Edge.  Other programs appear to be using other CNG curves.  Here is my output for the cipher suites I have also specified and the curve output.

    Powershell command does show order I set in group policy

    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_CBC_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA

    Certutil does not show order I set

    Microsoft SSL Protocol Provider:
    --------------------------------
    Curve Name          Curve OID                     Public Key Length   CurveType           EccCurveFlags
    -----------------------------------------------------------------------------------------------
    curve25519                                        255                 29                  0xa
    nistP256            1.2.840.10045.3.1.7           256                 23                  0x7
    nistP384            1.3.132.0.34                  384                 24                  0x7
    brainpoolP256r1     1.3.36.3.3.2.8.1.1.7          256                 26                  0x7
    brainpoolP384r1     1.3.36.3.3.2.8.1.1.11         384                 27                  0x7
    brainpoolP512r1     1.3.36.3.3.2.8.1.1.13         512                 28                  0x7
    nistP192            1.2.840.10045.3.1.1           192                 19                  0x7
    nistP224            1.3.132.0.33                  224                 21                  0x7
    nistP521            1.3.132.0.35                  521                 25                  0x7
    secP160k1           1.3.132.0.9                   160                 15                  0x7
    secP160r1           1.3.132.0.8                   160                 16                  0x7
    secP160r2           1.3.132.0.30                  160                 17                  0x7
    secP192k1           1.3.132.0.31                  192                 18                  0x7
    secP192r1           1.2.840.10045.3.1.1           192                 19                  0x7
    secP224k1           1.3.132.0.32                  224                 20                  0x7
    secP224r1           1.3.132.0.33                  224                 21                  0x7
    secP256k1           1.3.132.0.10                  256                 22                  0x7
    secP256r1           1.2.840.10045.3.1.7           256                 23                  0x7
    secP384r1           1.3.132.0.34                  384                 24                  0x7
    secP521r1           1.3.132.0.35                  521                 25                  0x7


    CNG Curves:
    -----------
    Curve Name          Curve OID                     Public Key Length
    -------------------------------------------------------------------
    brainpoolP160r1     1.3.36.3.3.2.8.1.1.1          160
    brainpoolP160t1     1.3.36.3.3.2.8.1.1.2          160
    brainpoolP192r1     1.3.36.3.3.2.8.1.1.3          192
    brainpoolP192t1     1.3.36.3.3.2.8.1.1.4          192
    brainpoolP224r1     1.3.36.3.3.2.8.1.1.5          224
    brainpoolP224t1     1.3.36.3.3.2.8.1.1.6          224
    brainpoolP256r1     1.3.36.3.3.2.8.1.1.7          256
    brainpoolP256t1     1.3.36.3.3.2.8.1.1.8          256
    brainpoolP320r1     1.3.36.3.3.2.8.1.1.9          320
    brainpoolP320t1     1.3.36.3.3.2.8.1.1.10         320
    brainpoolP384r1     1.3.36.3.3.2.8.1.1.11         384
    brainpoolP384t1     1.3.36.3.3.2.8.1.1.12         384
    brainpoolP512r1     1.3.36.3.3.2.8.1.1.13         512
    brainpoolP512t1     1.3.36.3.3.2.8.1.1.14         512
    curve25519                                        255
    ec192wapi           1.2.156.11235.1.1.2.1         192
    nistP192            1.2.840.10045.3.1.1           192
    nistP224            1.3.132.0.33                  224
    nistP256            1.2.840.10045.3.1.7           256
    nistP384            1.3.132.0.34                  384
    nistP521            1.3.132.0.35                  521
    numsP256t1                                        256
    numsP384t1                                        384
    numsP512t1                                        512
    secP160k1           1.3.132.0.9                   160
    secP160r1           1.3.132.0.8                   160
    secP160r2           1.3.132.0.30                  160
    secP192k1           1.3.132.0.31                  192
    secP192r1           1.2.840.10045.3.1.1           192
    secP224k1           1.3.132.0.32                  224
    secP224r1           1.3.132.0.33                  224
    secP256k1           1.3.132.0.10                  256
    secP256r1           1.2.840.10045.3.1.7           256
    secP384r1           1.3.132.0.34                  384
    secP521r1           1.3.132.0.35                  521
    wtls7               1.3.132.0.30                  160
    wtls9               2.23.43.1.4.9                 160
    wtls12              1.3.132.0.33                  224
    x962P192v1          1.2.840.10045.3.1.1           192
    x962P192v2          1.2.840.10045.3.1.2           192
    x962P192v3          1.2.840.10045.3.1.3           192
    x962P239v1          1.2.840.10045.3.1.4           239
    x962P239v2          1.2.840.10045.3.1.5           239
    x962P239v3          1.2.840.10045.3.1.6           239
    x962P256v1          1.2.840.10045.3.1.7           256

    This is the order I set in group policy:

    brainpoolP512r1
    brainpoolP512t1
    brainpoolP384r1
    brainpoolP384t1
    brainpoolP320r1
    brainpoolP320t1
    brainpoolP256r1
    brainpoolP256t1
    brainpoolP224r1
    brainpoolP224t1
    brainpoolP192r1
    brainpoolP192t1
    brainpoolP160r1
    brainpoolP160t1
    curve25519
    numsP512t1
    numsP384t1
    numsP256t1
    x962P256v1
    x962P239v1
    x962P239v2
    x962P239v3
    wtls12
    ec192wapi
    x962P192v1
    x962P192v2
    x962P192v3
    wtls7
    wtls9
    secP521r1
    secP384r1
    secP256k1
    secP256r1
    secP224k1
    secP224r1
    secP192k1
    secP192r1
    secP160k1
    secP160r1
    secP160r2
    nistP521
    nistP384
    nistP256
    nistP224
    nistP192

    Friday, March 31, 2017 6:54 PM
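The comparison the question describes, as an added example (not posted by anyone in this thread): it parses the "Microsoft SSL Protocol Provider" table pasted above and reduces the Group Policy list to the entries that have a CurveType there, so both orders can be compared by ID. The function names are hypothetical, and the CurveType column is assumed to be the TLS named-curve number, which agrees with the `secp256r1 (0x0017)` Wireshark line quoted later in the thread.

```powershell
# Added example. Rows below are copied from the certutil output in the question.
$SslProviderTable = @'
curve25519                                        255                 29                  0xa
nistP256            1.2.840.10045.3.1.7           256                 23                  0x7
nistP384            1.3.132.0.34                  384                 24                  0x7
brainpoolP256r1     1.3.36.3.3.2.8.1.1.7          256                 26                  0x7
brainpoolP384r1     1.3.36.3.3.2.8.1.1.11         384                 27                  0x7
brainpoolP512r1     1.3.36.3.3.2.8.1.1.13         512                 28                  0x7
nistP192            1.2.840.10045.3.1.1           192                 19                  0x7
nistP224            1.3.132.0.33                  224                 21                  0x7
nistP521            1.3.132.0.35                  521                 25                  0x7
secP160k1           1.3.132.0.9                   160                 15                  0x7
secP160r1           1.3.132.0.8                   160                 16                  0x7
secP160r2           1.3.132.0.30                  160                 17                  0x7
secP192k1           1.3.132.0.31                  192                 18                  0x7
secP192r1           1.2.840.10045.3.1.1           192                 19                  0x7
secP224k1           1.3.132.0.32                  224                 20                  0x7
secP224r1           1.3.132.0.33                  224                 21                  0x7
secP256k1           1.3.132.0.10                  256                 22                  0x7
secP256r1           1.2.840.10045.3.1.7           256                 23                  0x7
secP384r1           1.3.132.0.34                  384                 24                  0x7
secP521r1           1.3.132.0.35                  521                 25                  0x7
'@
# Group Policy order from the question, highest priority first.
$PolicyOrder = @'
brainpoolP512r1 brainpoolP512t1 brainpoolP384r1 brainpoolP384t1 brainpoolP320r1 brainpoolP320t1
brainpoolP256r1 brainpoolP256t1 brainpoolP224r1 brainpoolP224t1 brainpoolP192r1 brainpoolP192t1
brainpoolP160r1 brainpoolP160t1 curve25519 numsP512t1 numsP384t1 numsP256t1 x962P256v1
x962P239v1 x962P239v2 x962P239v3 wtls12 ec192wapi x962P192v1 x962P192v2 x962P192v3 wtls7 wtls9
secP521r1 secP384r1 secP256k1 secP256r1 secP224k1 secP224r1 secP192k1 secP192r1 secP160k1
secP160r1 secP160r2 nistP521 nistP384 nistP256 nistP224 nistP192
'@ -split '\s+'
function ConvertFrom-SslCurveTable([string]$Text) {
    foreach ($line in $Text -split '\r?\n') {
        $t = @($line.Trim() -split '\s+')
        # Data rows end in an EccCurveFlags value (0x7, 0xa); the OID column may be blank.
        if ($t.Count -lt 4 -or $t[-1] -notmatch '^0x[0-9a-f]+$') { continue }
        [pscustomobject]@{ Name = $t[0]; CurveType = [int]$t[-2] }
    }
}
function Get-PolicyTlsOrder([string[]]$Policy, [object[]]$SslCurves) {
    $typeOf = @{}; $first = @{}
    foreach ($c in $SslCurves) { $typeOf[$c.Name] = $c.CurveType }
    foreach ($name in $Policy) {
        $id = $typeOf[$name]   # $null when the SSL provider table has no row for this name
        $note = if ($null -eq $id) { 'not in SSL provider list' }
                elseif ($first.ContainsKey($id)) { "same ID as $($first[$id])" }
                else { $first[$id] = $name; 'distinct' }
        [pscustomobject]@{ Name = $name; CurveType = $id; Note = $note }
    }
}
$ssl    = ConvertFrom-SslCurveTable $SslProviderTable
$policy = Get-PolicyTlsOrder $PolicyOrder $ssl
'SSL provider order (curve IDs):  ' + (($ssl.CurveType | Select-Object -Unique) -join ',')
'Policy order (curve IDs):        ' + (($policy | Where-Object Note -eq 'distinct').CurveType -join ',')
'Policy entries with no curve ID: ' + (($policy | Where-Object { $null -eq $_.CurveType }).Name -join ', ')
```

On a live system the embedded samples can be replaced with the text of `certutil -displayEccCurve` and the output of `Get-TlsEccCurve`; the parser skips the "CNG Curves" section because those rows carry no flags column.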

All replies

  • Windows 10 supports an elliptic curve priority order setting so the elliptic curve suffix is not required and is overridden by the new elliptic curve priority order, when provided, to allow organizations to use group policy to configure different versions of Windows with the same cipher suites.

    Please note, the ECC curve order for SSL configuration settings must be updated to require the more secure option of NistP384, look at this link below:

    http://securityrules.info/about/xuzid-gebam-zinen-tusax/WN10-CC-000007_rule

    Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards



    Monday, April 3, 2017 2:20 AM
    Moderator
  • Hi All,

    I am having the same issue; PowerShell is showing the correct order, but certutil and Group Policy Editor don't seem to be working at all.

    The link provided above is no longer valid. 

    Powershell

    get-tlsecccurve

    secP256r1
    curve25519
    nistP256

    certutil

    Curve Name          Curve OID                     Public Key Length   CurveType           EccCurveFlags
    -----------------------------------------------------------------------------------------------
    curve25519                                        255                 29                  0xa
    nistP256            1.2.840.10045.3.1.7           256                 23                  0x7
    nistP384            1.3.132.0.34                  384                 24                  0x7
    brainpoolP256r1     1.3.36.3.3.2.8.1.1.7          256                 26                  0x7
    brainpoolP384r1     1.3.36.3.3.2.8.1.1.11         384                 27                  0x7
    brainpoolP512r1     1.3.36.3.3.2.8.1.1.13         512                 28                  0x7
    nistP192            1.2.840.10045.3.1.1           192                 19                  0x7
    nistP224            1.3.132.0.33


    • Edited by Eugene_noc Tuesday, July 31, 2018 8:29 AM
    Tuesday, July 31, 2018 8:26 AM
  • Brainpool is not recommended.

    See the last table on this page, choosing Safe Curves: https://safecurves.cr.yp.to/index.html
    SSL Labs, Best advice:
    https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

    The only perfectly secure curves are:

    Curve1174
    Curve25519 (the only secure curve in windows that I am aware of)
    Curve41417 formerly named Curve3617
    Curve383187 authors subsequently recommended switching to M-383
    M-221 formerly named Curve2213
    M-383
    M-511 formerly named Curve511187
    E-222
    E-382
    E-521 
    Ed448-Goldilocks

    My Recommendations:

    ECC "curve25519" ONLY [to prevent 0day downplay attacks], or "curve25519" over "NIST"
    ECDHE_ECDSA over ECDHE_RSA over DHE_RSA over RSA
    SHA 256 over 384, drop 521 (unless for top secret, for speed as recommended by SSL Labs)
    GCM over CBC
    GCM128 over GCM256 (unless for top secret, for speed, as recommended by ssl labs)
    128-bit CBC over 256-bit CBC (unless for top secret, for speed, as recommended by ssl labs)
    SHA-2 over SHA-1 (disable sha on schannel, use only sha256,384,512)

    No P curves necessary P=Nist; ECDHE/ECDSA=ECC! Let ECC curve order determine "curve25519"

    Perfect forward secrecy only:

    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

    FYI (TLS_DHE_RSA_WITH_AES_128 * 256_CBC_SHA* does not exist in windows 10)
    or 
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

    Wireshark:

    With nist P curves enabled:
    sls.update.microsoft.com.nsatc.net offered:
    TLS_ECDHE_RSA_WITH_AES128_GCM_SHA256
    type: named_curve (0x03)
    named curve: secp256r1 (0x0017) (unsafe NIST/NSA curve, insecure)
    rsa_pkcs1_sha1

    fe2.update.microsoft.com.nsatc.net offered
    TLS_ECDHE_RSA_WITH_AES128_GCM_SHA384
    secp256r1, (unsafe NIST/NSA curve, insecure)

    rsa_pkcs1_sha1, sig length 256 (actually sha256)

    With x25519 curve ONLY, enabled:
    fe2.update.microsoft.com.nsatc.net offered
    TLS_ECDHE_RSA_WITH_AES128_GCM_SHA384
    x25519

    Harden Windows 7, Windows 10 Schannel (Windows update, CryptoAPI, IIS, etc):

    Windows Registry Editor Version 5.00

    ; Can save and import this with no problem on Windows 7 or 10.

    ; Enable TLS 1.2 On all .NET 2.0, 3.5, 4.5+ apps (client)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001

    ; WinHTTP TLS 1.2 (client)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
    "DefaultSecureProtocols"=dword:00000800

    ; WinHTTP TLS 1.2 (client)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
    "DefaultSecureProtocols"=dword:00000800

    ; PKCS Key Exchange 2048 Bit
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS]
    "ClientMinKeyBitLength"=dword:00000800

    ; Enable Stronger Minimum Elliptical Diffie-Hellman Key Exchange 2048 in IIS / CryptoAPI / Windows Update, etc
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\ECDH]
    "ClientMinKeyBitLength"=dword:00000800

    ; Enable Stronger Minimum Diffie-Hellman Key exchange by Default: 2048 in IIS / CryptoAPI / Windows Update, etc
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
    "ClientMinKeyBitLength"=dword:00000800

    ; Disable Weak Ciphers & Session Tickets
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
    "EnableSessionTicket"=dword:00000002
    "EventLogging"=dword:00000004
    "MaximumCacheSize"=dword:00000000
    "ServerCacheTime"=dword:00000000

    ; IIS Server / Windows Update / CryptoAPI (maybe others)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\Multi-Protocol Unified Hello\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    ; Disable SSL 3.0 (PCI Compliance) and enable "Poodle" protection
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
    "Enabled"=dword:00000001
    "DisabledByDefault"=dword:00000001

    ; Disable MD5
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    ; Disable SHA
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    ; Enable AES 128/128
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128]
    "Enabled"=dword:ffffffff

    ; Enable AES 256/256
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256]
    "Enabled"=dword:ffffffff

    ; Enable 256, and 384 and 512 SHA!
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA256]
    "Enabled"=dword:ffffffff

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA384]
    "Enabled"=dword:ffffffff

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA512]
    "Enabled"=dword:ffffffff

    ; Enable perfect forward secrecy
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]
    "Enabled"=dword:ffffffff

    ; Enable PKCS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS]
    "Enabled"=dword:ffffffff

    ; Enable Elliptical Diffie-Hellman
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\ECDH]
    "Enabled"=dword:ffffffff

    ; Enable TLS 1.2!
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:ffffffff

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:ffffffff

    • Edited by tutudids Sunday, February 3, 2019 11:01 PM
    Sunday, February 3, 2019 10:32 PM