ssl-extension-supported-groups
Specifies supported groups for TLS key agreements. This entry is used only when ssl-key-agreement is set to custom.
Syntax
ssl-extension-supported-groups = supported_group_name[,supported_group_name]*
Description
Defines a comma-separated list of supported groups to propose in TLS 1.2 and TLS 1.3 key agreements with the federation runtime.
This entry applies only when the ssl-key-agreement entry is set to custom and the federation runtime connection uses version 9 of the cryptography provider. For more information about cryptography provider versions, see Cryptography Provider Overview.
Options
- supported_group_name
Specifies the name of a supported group to enable. The list of available supported group names is:
- ECDHE_X25519MLKEM768
- ECDHE_X25519
- ECDHE_SecP256r1MLKEM768
- ECDHE_SECP256R1
- ECDHE_SecP384r1MLKEM1024
- ECDHE_SECP384R1
- ECDHE_SECP521R1
- ECDHE_X448
- MLKEM768
- MLKEM1024
The following table describes the properties of the supported groups.

Table 1. Supported Group Properties

| Name | TLS 1.2 Support? | TLS 1.3 Support? | Uses Post-Quantum Cryptography (PQC)? |
|---|---|---|---|
| ECDHE_X25519MLKEM768 | No | Yes | Yes, Hybrid PQC |
| ECDHE_X25519 | Yes | Yes | No |
| ECDHE_SecP256r1MLKEM768 | No | Yes | Yes, Hybrid PQC |
| ECDHE_SECP256R1 | Yes | Yes | No |
| ECDHE_SecP384r1MLKEM1024 | No | Yes | Yes, Hybrid PQC |
| ECDHE_SECP384R1 | Yes | Yes | No |
| ECDHE_SECP521R1 | Yes | Yes | No |
| ECDHE_X448 | Yes | Yes | No |
| MLKEM768 | No | Yes | Yes, Non-Hybrid PQC |
| MLKEM1024 | No | Yes | Yes, Non-Hybrid PQC |

For more information about configuring Post-Quantum Cryptography, see Post-Quantum Cryptography (PQC).
Usage
This stanza entry is required when ssl-key-agreement is set to custom. Otherwise it is optional.
Default value
ssl-extension-supported-groups =
Example
ssl-key-agreement = custom
ssl-extension-supported-groups = ECDHE_X25519MLKEM768,ECDHE_X25519
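The following added example, which is not part of the product documentation, lints these two entries before deployment using the names and properties from Table 1. The helpers parse_entries and lint_groups are hypothetical, and exact-case matching of group names is an assumption.

```python
# Added example: lints the two stanza entries described on this page.
# Group properties are copied from Table 1; all helper names are hypothetical.
GROUPS = {  # name: (supports TLS 1.2, PQC kind or None)
    "ECDHE_X25519MLKEM768": (False, "hybrid"),
    "ECDHE_X25519": (True, None),
    "ECDHE_SecP256r1MLKEM768": (False, "hybrid"),
    "ECDHE_SECP256R1": (True, None),
    "ECDHE_SecP384r1MLKEM1024": (False, "hybrid"),
    "ECDHE_SECP384R1": (True, None),
    "ECDHE_SECP521R1": (True, None),
    "ECDHE_X448": (True, None),
    "MLKEM768": (False, "non-hybrid"),
    "MLKEM1024": (False, "non-hybrid"),
}

def parse_entries(text):
    """Return {key: value} for every 'key = value' line; other lines are skipped."""
    entries = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries

def lint_groups(text):
    """Return (errors, warnings) for the supported-groups configuration in text."""
    entries = parse_entries(text)
    raw = entries.get("ssl-extension-supported-groups", "")
    errors, warnings = [], []
    if entries.get("ssl-key-agreement") != "custom":
        if raw:
            warnings.append("entry is used only when ssl-key-agreement = custom")
        return errors, warnings
    names = [n.strip() for n in raw.split(",") if n.strip()]
    if not names:
        errors.append("entry is required when ssl-key-agreement = custom")
    # Assumption: names must match the documented spelling and case exactly.
    errors += [f"unknown supported group: {n}" for n in names if n not in GROUPS]
    known = [n for n in names if n in GROUPS]
    if known and not any(GROUPS[n][0] for n in known):
        warnings.append("no listed group supports TLS 1.2")
    if known and not any(GROUPS[n][1] for n in known):
        warnings.append("no listed group uses post-quantum cryptography")
    return errors, warnings
```

The TLS 1.2 warning matters because every PQC group in Table 1 is TLS 1.3 only, so a list made up solely of PQC groups leaves nothing to propose in a TLS 1.2 key agreement.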