Prefer specific key exchange algorithms for TLS for device login screen
Last updated March 31, 2026
This policy configures Google ChromeOS to order its preferred key agreement algorithms (supported groups) in TLS 1.3 to reflect a preference for algorithms that have been approved by a specific compliance regime, when making network requests from the login screen.
Setting this policy does not guarantee that any specific algorithms will be negotiated.
This policy exists to allow server operators who wish to support clients with and without compliance requirements to differentiate between those clients, and only use certain non-default algorithms with increased cryptographic strength for those explicitly configured to prefer them.
Setting the policy to 'Google ChromeOS to prefer key exchange methods required for compliance with the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0).
Not setting the policy, or setting it to 'Google ChromeOS to use its default key exchange methods.
Setting this policy is not required for security. The default cryptography used by Google ChromeOS is strong enough to withstand a brute force attack using the entire power of the Sun.
Setting this policy will cause Google ChromeOS to be slower when making network requests from the login screen.
This policy only affects TLS 1.3 and QUIC; it does not affect earlier versions of TLS.
This device policy is equivalent to the user policy PreferSlowKexAlgorithms, but applies to the sign-in profile on the login screen instead.
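A server operator who wants to differentiate clients as described above can look at the order of the `supported_groups` extension in the TLS 1.3 ClientHello. The following is an added example, not code from Google ChromeOS or from this page: the page does not name the groups involved, so the `CNSA2_GROUPS` set (the IANA code points for the ML-KEM-1024 based groups) is an assumption, and the function names and sample byte strings are constructed for illustration.

```python
import struct

# Assumption: the page does not list the groups. These are the IANA code
# points of the ML-KEM-1024 based groups, chosen here for illustration.
CNSA2_GROUPS = {0x0202: "MLKEM1024", 0x11ED: "SecP384r1MLKEM1024"}


def is_grease(group):
    # RFC 8701 GREASE values have the form 0x?A?A with both bytes equal.
    return (group & 0x0F0F) == 0x0A0A and (group >> 8) == (group & 0xFF)


def parse_supported_groups(ext_body):
    """Parse the body of a supported_groups extension (type 10)."""
    if len(ext_body) < 2:
        raise ValueError("truncated supported_groups extension")
    (list_len,) = struct.unpack_from("!H", ext_body, 0)
    # The list must be non-empty, even-sized and fill the extension exactly.
    if list_len == 0 or list_len % 2 or list_len != len(ext_body) - 2:
        raise ValueError("malformed named_group_list length")
    return list(struct.unpack_from("!%dH" % (list_len // 2), ext_body, 2))


def client_prefers_cnsa2(ext_body):
    """True if the client's first non-GREASE group is in CNSA2_GROUPS."""
    for group in parse_supported_groups(ext_body):
        if not is_grease(group):
            return group in CNSA2_GROUPS
    return False  # only GREASE values were offered


def build_ext(groups):
    # Encodes a constructed group list as an extension body for the samples.
    count = len(groups)
    return struct.pack("!H", 2 * count) + struct.pack("!%dH" % count, *groups)


# Constructed sample lists, not captured from real clients.
# 0x2A2A is GREASE, 0x11EC is X25519MLKEM768, 0x001D is x25519.
DEFAULT_CLIENT = build_ext([0x2A2A, 0x11EC, 0x001D, 0x0017, 0x0018])
POLICY_CLIENT = build_ext([0x2A2A, 0x11ED, 0x0202, 0x11EC, 0x001D])

if __name__ == "__main__":
    for label, ext in (("default", DEFAULT_CLIENT), ("policy", POLICY_CLIENT)):
        print(label, client_prefers_cnsa2(ext))
```

The result is only a statement of client preference: the server still chooses the group, which is why setting the policy does not guarantee that any specific algorithm is negotiated.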