Policy
Allow fallback to SSL 3.0 (Internet Explorer)
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails. We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack. This policy does not affect which security protocols are enabled. If you disable this policy, system defaults will be used.
Internal name
Advanced_EnableSSL3Fallback
Policy ID
073a16a3db22
Elements
1
Registry values
How enabled and disabled states update the registry.
No explicit registry values are set for enabled or disabled states.
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Allow insecure fallback for: ID Advanced_EnableSSL3FallbackOptions | enum | HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableSSL3Fallback Type REG_DWORD | Options: No Sites (0), Non-Protected Mode Sites (1), All Sites (3) |
Other policies in this category
Explore related policies at the same level.
- ComputerDo not display the reveal password buttonAt least Internet Explorer 10.0
- UserDo not display the reveal password buttonAt least Internet Explorer 10.0
- ComputerTurn off Data Execution PreventionAt least Internet Explorer 8.0
- ComputerTurn off Data URI supportAt least Internet Explorer 8.0
- UserTurn off Data URI supportAt least Internet Explorer 8.0