Specify the 'ECC Curve Order' value (ECC curve names) This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line) If you disable or do not configure this policy setting, the default ECC curve order is used. Default Curve Order ============ NistP256 NistP384 To See all the curves supported on the system, Use the following command: CertUtil.exe -DisplayEccCurve Counter Measure: Enable this policy setting and set the priority order of the ECC curves. Potential Impact: Enabling this policy setting means the default ECC curve order is not used or is supported by the device.

[NistP256]

(1) GPO: Computer ConfigurationAdministrative TemplatesNetworkSSL Configuration SettingsECC Curve Order (2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftCryptographyConfigurationSSL0010002EccCurves