CCE-42500-9Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Specify the 'ECC Curve Order' value (ECC curve names)
This policy setting determines the priority order of ECC curves used with ECDHE cipher suites.
If you enable this policy setting, ECC curves are prioritized in the order specified.(Enter one Curve name per line)
If you disable or do not configure this policy setting, the default ECC curve order is used.
Default Curve Order
============
NistP256
NistP384
To See all the curves supported on the system, Use the following command:
CertUtil.exe -DisplayEccCurve
Counter Measure:
Enable this policy setting and set the priority order of the ECC curves.
Potential Impact:
Enabling this policy setting means the default ECC curve order is not used or is supported by the device.
Parameter:
[NistP256]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesNetworkSSL Configuration SettingsECC Curve Order
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftCryptographyConfigurationSSL 0010002EccCurves
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.0 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 4.7 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35115 |