Enable a TLS 1.3 security feature for local trust anchors (obsolete)
OBSOLETE: This policy is obsolete and doesn't work after Microsoft Edge version 85.
Supported versions
- Windows: 81-85
- macOS: 81-85
- Android: Not supported
- iOS: Not supported
Description
This policy doesn't work because it was only intended to be a short-term mechanism to give enterprises more time to upgrade affected proxies.
This policy controls a security feature in TLS 1.3 that protects connections against downgrade attacks. It's backwards-compatible and doesn't affect connections to compliant TLS 1.2 servers or proxies. However, older versions of some TLS-intercepting proxies have an implementation flaw which causes them to be incompatible.
If you enable or don't configure this policy, Microsoft Edge enables these security protections for all connections.
If you disable this policy, Microsoft Edge disables these security protections for connections authenticated with locally-installed CA certificates. These protections are always enabled for connections authenticated with publicly-trusted CA certificates.
This policy can be used to test for any affected proxies and upgrade them. Affected proxies are expected to fail connections with an error code of ERR_TLS13_DOWNGRADE_DETECTED.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: Yes
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: TLS13HardeningForLocalAnchorsEnabled
- GP name: Enable a TLS 1.3 security feature for local trust anchors (obsolete)
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Enabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: TLS13HardeningForLocalAnchorsEnabled
- Value type: REG_DWORD
Example registry value
0x00000001
Mac information and settings
- Preference Key name: TLS13HardeningForLocalAnchorsEnabled
- Example value:
<true/>