Policy

Allow fallback to SSL 3.0 (Internet Explorer)

Microsoft Windows

Back to Security FeaturesBack to main
Allow fallback to SSL 3.0 (Internet Explorer)
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > Internet Explorer > Security Features
Supported on
At least Internet Explorer 7.0

This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails. We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack. This policy does not affect which security protocols are enabled. If you disable this policy, system defaults will be used.

Internal name
Advanced_EnableSSL3Fallback
Policy ID
073a16a3db22
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Allow insecure fallback for:
ID Advanced_EnableSSL3FallbackOptions
enum
Path
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Value name
EnableSSL3Fallback
Type
REG_DWORD
Options: No Sites (0), Non-Protected Mode Sites (1), All Sites (3)
Allow insecure fallback for:
Computer · Type enum
Registry mapping
Path
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Value name
EnableSSL3Fallback
Type
REG_DWORD
Details
Options: No Sites (0), Non-Protected Mode Sites (1), All Sites (3)