Allow fallback to SSL 3.0 (Internet Explorer)

Information

This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails.
We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack.
This policy does not affect which security protocols are enabled.
If you disable this policy, system defaults will be used.

Solution

Policy Path: Windows Components\Internet Explorer\Security Features
Policy Setting Name: Allow fallback to SSL 3.0 (Internet Explorer)

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: 892d915a3b1f40a83e10131950d1b356d58e368eb90997d4cfcf47863c708a26