Policy

Cipher suite order

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryNetwork > Lanman Server
Supported onAt least Windows Server 2016, Windows 10

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy setting determines the cipher suites used by the SMB server. If you enable this policy setting, cipher suites are prioritized in the order specified. If you enable this policy setting and do not specify at least one supported cipher suite, or if you disable or do not configure this policy setting, the default cipher suite order is used. SMB 3.11 cipher suites: AES_128_GCM AES_128_CCM AES_256_GCM AES_256_CCM SMB 3.0 and 3.02 cipher suites: AES_128_CCM How to modify this setting: Arrange the desired cipher suites in the edit box, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites you don't want to use. Note: When configuring this security setting, changes will not take effect until you restart Windows.

Internal name
Pol_CipherSuiteOrder
Policy ID
fb9aa3e553c8
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
MultiText_CipherSuiteOrder
ID MultiText_CipherSuiteOrder
list
HKLM\Software\Policies\Microsoft\Windows\LanmanServer\CipherSuiteOrder
Type REG_MULTI_SZ
None

Other policies in this category

Explore related policies at the same level.

View all policies in this category