Policy
Turn off encryption support
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each other’s list of supported protocols and versions, and they select the most preferred match. If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. If you disable or do not configure this policy setting, the user can select which encryption method the browser supports. Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Secure Protocol combinations ID Advanced_WinInetProtocolOptions | enum | HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols Type REG_DWORD | Options: Use no secure protocols (0), [Obsolete] Only use SSL 2.0 (8), Only use SSL 3.0 (32), [Obsolete] Use SSL 2.0 and SSL 3.0 (40), Only use TLS 1.0 (128), [Obsolete] Use SSL 2.0 and TLS 1.0 (136), Use SSL 3.0 and TLS 1.0 (160), [Obsolete] Use SSL 2.0, SSL 3.0, and TLS 1.0 (168) … +29 more |
Other policies in this category
Explore related policies at the same level.
- UserAllow active content from CDs to run on user machinesAt least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
- ComputerAllow active content from CDs to run on user machinesAt least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
- UserAllow Install On Demand (except Internet Explorer)Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
- ComputerAllow Install On Demand (except Internet Explorer)Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
- ComputerAllow Install On Demand (Internet Explorer)Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
- UserAllow Install On Demand (Internet Explorer)Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
- ComputerAllow Internet Explorer to use the HTTP2 network protocolAt least Internet Explorer 11.0 on Windows 10
- UserAllow Internet Explorer to use the HTTP2 network protocolAt least Internet Explorer 11.0 on Windows 10
- ComputerAllow Internet Explorer to use the SPDY/3 network protocolOnly Internet Explorer 11.0 on Windows 8.1
- UserAllow Internet Explorer to use the SPDY/3 network protocolOnly Internet Explorer 11.0 on Windows 8.1
- ComputerAllow software to run or install even if the signature is invalidAt least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
- UserAllow software to run or install even if the signature is invalidAt least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1