How to overcome Local Group Policy Editor's 1023 character limit?

windows windows-8.1 ssl group-policy tls
5,101

Solution

  1. Paste the list of available suites into a blank text document.

  2. Edit the suite list as needed. When you're done, place a comma at the end of each suite name except the last one. Then remove all the line breaks in order to get a single line, and make sure there are no space characters.

  3. Press Win+R, type or paste regedit.exe in the text box, and press Enter.

  4. Navigate to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002

    If the key isn't there, create it yourself.

  5. Create a new string value (Edit > New > String Value) called Functions, in case it doesn't exist already. Double-click it to modify it, paste the suite list you created earlier into it, and click OK.

  6. Restart Windows to apply the changes. To verify your configuration you can use this client test page: https://www.ssllabs.com/ssltest/viewMyClient.html

References

Share:
5,101

Related videos on Youtube

Louis Waweru
Author by

Louis Waweru

Updated on September 18, 2022

Comments

  • Louis Waweru
    Louis Waweru over 1 year

    I want to reorder the SSL Cipher Suite Order applied as part of KB2919355, prioritizing the forward secrecy suites above all else.

    Trying to do this with gpedit at Computer Configuration > Administrative Templates > Network > SSL Configuration Settings > SSL Cipher Suite Order is a problem because the new list goes over the tool's character limit.

    Is there anyway to overcome this limit so I don't have to keep the current priority or omit something from the list?

    • and31415
      and31415 almost 10 years
      If I understood correctly, here's explained how: gpsearch.azurewebsites.net/#58
    • Louis Waweru
      Louis Waweru almost 10 years
      @and31415 Yep, that's how, but the new list is about 1400 characters. Actually, the list that ships out of the box is over 1023 characters as well. So there's no editing it without removing some items. (I believe textboxes in gpedit have a 1023 character limit.)
    • Louis Waweru
      Louis Waweru almost 10 years
      For example, here is what I can copy from the textbox when it is seeded with the default, OOTB list. And here is what it gets truncated to after immediately pasting it back in.
    • and31415
      and31415 almost 10 years
      What if you edit the Functions registry value directly?
    • Louis Waweru
      Louis Waweru almost 10 years
      @and31415 Okay, I think I just understood what you were pointing me at. I'll give it a shot.
    • Louis Waweru
      Louis Waweru almost 10 years
      @and31415 Thanks so much. Seems to be working according to this SSLLabs test (with a few quirks). Would you mind making an answer?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to prevent GPO from mapping network drives on my PC?
Allow Microsoft accounts to be optional without Group Policy?
Certificate stops working after computer reboot
How to unblock the program from the group policy in Android Studio for a Flutter application?
How to enable TLS1.2 on IIS7 Windows Server 2008 R2
Creating Self-Signed CA Certificate with makecert.exe
Where are SSL certificates are stored?
Using nxlog to ship logs in to logstash from Windows using om_ssl
Oracle 11g R2 Installation error -13001
Local Mongo on Windows - couldn't connect to server 127.0.0.1:27017, connection attempt failed