diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md
index 2190ff156..af8f2f4c4 100644
--- a/docs/CIPHERS.md
+++ b/docs/CIPHERS.md
@@ -514,3 +514,9 @@ and the request will fail.
 `CALG_ECMQV`, `CALG_ECDSA`, `CALG_ECDH_EPHEM`,
+
+As of curl 7.77.0, you can also pass `SCH_USE_STRONG_CRYPTO` as a cipher name
+to [constrain the set of available ciphers as specified in the schannel
+documentation](https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022).
+Note that the supported ciphers in this case follows the OS version, so if you
+are running an outdated OS you might still be supporting weak ciphers.
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 7d96cf7fc..9efbcc297 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -117,6 +117,10 @@
 #define SP_PROT_TLS1_2_CLIENT 0x00000800
 #endif
 
+#ifndef SCH_USE_STRONG_CRYPTO
+#define SCH_USE_STRONG_CRYPTO 0x00400000
+#endif
+
 #ifndef SECBUFFER_ALERT
 #define SECBUFFER_ALERT 17
 #endif
@@ -335,6 +339,11 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
 alg = get_alg_id_by_name(startCur);
 if(alg)
 algIds[algCount++] = alg;
+else if(!strncmp(startCur, "USE_STRONG_CRYPTO",
+sizeof("USE_STRONG_CRYPTO") - 1) ||
+!strncmp(startCur, "SCH_USE_STRONG_CRYPTO",
+sizeof("SCH_USE_STRONG_CRYPTO") - 1))
+schannel_cred->dwFlags |= SCH_USE_STRONG_CRYPTO;
 else
 return CURLE_SSL_CIPHER;
 startCur = strchr(startCur, ':');
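Review bot: The new `#ifndef SCH_USE_STRONG_CRYPTO` fallback in the first schannel.c hunk gives a reader no indication where the literal `0x00400000` comes from or why it is safe to hard-code, unlike a value read from the SDK header. A one-line comment above the `#ifndef`, such as `/* Fallback for SDK headers that predate this flag; value must match the Windows SDK's schannel.h definition */`, would document that intent and tell a future maintainer what to verify if the SDK value ever differs. The neighbouring `SP_PROT_TLS1_2_CLIENT` fallback visible in the same hunk has the same shape, so the comment could cover both.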
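Review bot: The two new `strncmp` calls in the `set_ssl_ciphers` hunk compare only `sizeof(literal) - 1` bytes, so any cipher-list entry that merely starts with `USE_STRONG_CRYPTO` or `SCH_USE_STRONG_CRYPTO` (a typo such as `USE_STRONG_CRYPTOS`, or an entry with trailing characters before the next `:`) silently sets the flag instead of being rejected with `CURLE_SSL_CIPHER` the way every other unrecognised name is. The loop already delimits entries with `:` (see the `strchr(startCur, ':')` at the end of the hunk), so the token length is known and the comparison should require an exact-length match; the rewrite below replaces the `else if ... else return` pair with one braced `else` that does that. The enclosing `set_ssl_ciphers` function and the loop this code sits in both begin outside the hunk, and `startCur`'s declared type is not visible here, so the `const char *` cast in the excerpt assumes it is a plain `char *`.
```c
      algIds[algCount++] = alg;
    else {
      /* Match the whole ':'-delimited token, not just its prefix, so that
         misspelled or extended names are rejected like any other unknown
         cipher name. */
      const char *tokEnd = strchr(startCur, ':');
      size_t tokLen = tokEnd ? (size_t)(tokEnd - startCur) : strlen(startCur);
      if((tokLen == sizeof("USE_STRONG_CRYPTO") - 1 &&
          !strncmp(startCur, "USE_STRONG_CRYPTO", tokLen)) ||
         (tokLen == sizeof("SCH_USE_STRONG_CRYPTO") - 1 &&
          !strncmp(startCur, "SCH_USE_STRONG_CRYPTO", tokLen)))
        schannel_cred->dwFlags |= SCH_USE_STRONG_CRYPTO;
      else
        return CURLE_SSL_CIPHER;
    }
    /* … unchanged: startCur = strchr(startCur, ':'); … */
```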