Skip to content

Commit da8516d

Browse files
DeagleGrossDeagleGross
committed
correct setup for EC
1 parent ba9096c commit da8516d

File tree

2 files changed

+8
-1
lines changed

2 files changed

+8
-1
lines changed

src/BenchmarksApps/TLS/README.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,13 @@ In output you nee to find SSL connection:
1919
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / secp521r1 / RSASSA-PSS
2020
```
2121

22+
### Machine setup
23+
You could use [set-fips-compliant-tls-config](./set-fips-compliant-tls-config.ps1) to configure machine. It may not work (registry on windows does not apply always).
24+
25+
You can set TLS CipherSuite and ECC Curve order in Windows UI:
26+
- Local Group Policy Editor -> Computer Configuration > Administrative Templates > Network > SSL Configuration
27+
- Values can be taken from https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-elliptic-curves-in-windows-10-1607-and-later
28+
2229
### Verify machine setup
2330

2431
#### Windows

src/BenchmarksApps/TLS/set-fips-compliant-tls-config.ps1

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ Write-Host "set priority cipher suites"
4040
# Set ECC curve order: P-384, P-256, P-521
4141
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002' `
4242
-Name 'EccCurves' `
43-
-Value @('NistP384', 'NistP256', 'NistP521') `
43+
-Value @('NistP384')` # -Value @('NistP384', 'NistP256', 'NistP521') ` to set more ECs
4444
-PropertyType MultiString `
4545
-Force
4646

0 commit comments

Comments
 (0)