Details

This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or greater fails.

We recommend that you do not allow insecure fallback in order to prevent a man-in-the-middle attack.

This policy does not affect which security protocols are enabled.

If you disable this policy, system defaults will be used.

Solution

Policy Path: Windows ComponentsInternet ExplorerSecurity Features
Policy Setting Name: Allow fallback to SSL 3.0 (Internet Explorer)

Supportive Information

The following resource is also helpful.

• https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1909-and-windows-server/ba-p/1023093

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-13.

Source

• Tenable.com/audits