X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/cd2237277641333774092ded9b71f1b29e4e42cd..97bb56283cf2030dcb8e62c3be7b53743b084ab0:/README.md?ds=sidebyside diff --git a/README.md b/README.md index 256da8d..b264068 100644 --- a/README.md +++ b/README.md @@ -1262,9 +1262,29 @@ Value (string): } ``` ### DisabledCiphers -Disable specific cryptographic ciphers. - -**Preferences Affected:** `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.rsa_des_ede3_sha` +Disable specific cryptographic ciphers, listed below. + +``` +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 +TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA +TLS_DHE_RSA_WITH_AES_128_CBC_SHA +TLS_DHE_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_GCM_SHA256 +TLS_RSA_WITH_AES_256_GCM_SHA384 +TLS_RSA_WITH_AES_128_CBC_SHA +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_3DES_EDE_CBC_SHA +``` + +**Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha` --- **Note:** @@ -1272,38 +1292,19 @@ Disable specific cryptographic ciphers. This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher. --- -**Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78)\ +**Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_128_CBC_SHA -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_256_CBC_SHA -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_CBC_SHA -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_CBC_SHA -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_3DES_EDE_CBC_SHA -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_GCM_SHA256 -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_GCM_SHA384 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME + ``` Value (string): ``` @@ -1314,27 +1315,7 @@ Value (string): DisabledCiphers - TLS_DHE_RSA_WITH_AES_128_CBC_SHA - | - TLS_DHE_RSA_WITH_AES_256_CBC_SHA - | - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - | - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - | - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - | - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - | - TLS_RSA_WITH_AES_128_CBC_SHA - | - TLS_RSA_WITH_AES_256_CBC_SHA - | - TLS_RSA_WITH_3DES_EDE_CBC_SHA - | - TLS_RSA_WITH_AES_128_GCM_SHA256 - | - TLS_RSA_WITH_AES_256_GCM_SHA384 + CIPHER_NAME | @@ -1344,17 +1325,7 @@ Value (string): { "policies": { "DisabledCiphers": { - "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false, - "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false, - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false, - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false, - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false, - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false, - "TLS_RSA_WITH_AES_128_CBC_SHA": true | false, - "TLS_RSA_WITH_AES_256_CBC_SHA": true | false, - "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false, - "TLS_RSA_WITH_AES_128_GCM_SHA256": true | false, - "TLS_RSA_WITH_AES_256_GCM_SHA384": true | false + "CIPHER_NAME": true | false, } } } @@ -5055,7 +5026,9 @@ Value (string): ### SearchEngines | Add -Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required. +Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML. + +This policy is only available on the ESR. `Name` and `URLTemplate` are required. `Name` is the name of the search engine.