CCE-96923-8Platform: cpe:/o:microsoft:windows_11 | Date: (C)2022-05-07 (M)2023-07-04 |
This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line)
If you disable or do not configure this policy setting, the default ECC curve order is used.
Default Curve Order
============
NistP256
NistP384
To See all the curves supported on the system, Use the following command:
CertUtil.exe -DisplayEccCurve
Countermeasure:
Enable this policy setting and set the priority order of the ECC curves.
Potential Impact:
Enabling this policy setting means the default ECC curve order is not used or is supported by the device.
Parameter:
[curve25519 NistP256 NistP384]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Network\SSL Configuration Settings\ECC Curve Order
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002!EccCurves
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.0 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 4.7 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:79361 |