Allow fallback to SSL 3.0 (Internet Explorer)

This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails.

We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack.

This policy does not affect which security protocols are enabled.

If you disable this policy, system defaults will be used.

Supported on: At least Internet Explorer 7.0

Allow insecure fallback for:


  1. No Sites
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Value NameEnableSSL3Fallback
    Value TypeREG_DWORD
    Value0
  2. Non-Protected Mode Sites
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Value NameEnableSSL3Fallback
    Value TypeREG_DWORD
    Value1
  3. All Sites
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSoftware\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
    Value NameEnableSSL3Fallback
    Value TypeREG_DWORD
    Value3


inetres.admx

Administrative Templates (Computers)

Administrative Templates (Users)