Details
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0,
TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0 or SSL 3.0 in the browser. TLS and SSL are
protocols for protecting communication between the browser and the target server. When
the browser attempts to set up a protected communication with the target server, the
browser and server negotiate which protocol and version to use. The browser and server
attempt to match each others list of supported protocols and versions and pick the most
preferred match. If you enable this policy setting, the browser will or will not negotiate an
encryption tunnel with the encryption methods you select through the drop down list. If
you disable or do not configure this policy setting, the user can select which encryption
method the browser will support. The recommended state for this settings is Use TLS 1.1
and TLS 1.2. Only use TLS 1.2 also conforms with this guidance.
*Rationale*
Risk is reduced by preventing Internet Explorer from communicating over protocols, such
as SSL v2.0 and SSL v3.0, that suffer from known practical attacks.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to
Use TLS 1.1 and TLS 1.2
Computer ConfigurationAdministrative TemplatesWindows ComponentsInternet
ExplorerInternet Control PanelAdvanced PageTurn off Encryption Support- Secure
Protocol combinations
Impact-
Determines the encryption protocols that may be used. One of the designated protocols
needs to be active on both sides of the connection for encryption to function correctly.
Default Value-Disabled
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.