Update enables SSL 3.0 fallback warnings in Internet Explorer 11

The update that this article describes has been replaced by a newer update. We recommend that you install the most current cumulative security update for Internet Explorer. To install the most current update, go to the following Microsoft website: For more technical information about the most current cumulative security update for Internet Explorer, go to the following Microsoft website: After you install the most current cumulative security update for Internet Explorer, the behavior for disabling SSL 3.0 fallback is enabled by default.
About this update
This update enables SSL 3.0 fallback warnings to be displayed when a connection in Internet Explorer insecurely falls back from TLS 1.0 or a later version to SSL 3.0 or an earlier version. This is to prevent a Man-in-the-Middle attack. By default, this behavior is disabled. However, you can enable this behavior by using one of the following methods:
  • You can run the following easy fix solution by clicking the Download button. Then, in the File Download dialog box, click Run or Open, and then follow the steps in the easy fix wizard.
  • You can use the Allow fallback to SSL 3.0 (Internet Explorer) Group Policy object in Group Policy Editor. The screen shot of the object setting resembles the following.

    Note This object is located under Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features.

    Allow fallback to SSL 3.0 (Internet Explorer)
  • You can set a registry entry. To do this, follow these steps.

    Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
    1. Start Registry Editor:
      • In Windows 7, click Start, type regedit in the Search programs and files text box, and then click regedit.exe in the search results.
      • In Windows 8, move your mouse to the upper-right corner, click Search, type regedit in the search text box, and then click regedit.exe in the search results.
    2. Locate and then select the following registry subkey:
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    3. On the Edit menu, point to New, and then click DWORD Value.
    4. Type EnableSSL3Fallback, and then press the Enter key.
    5. In the Details pane, right-click EnableSSL3Fallback, and then click Modify.
    6. In the Value data box, type a value, and then click OK.

      Notes
      • If you want to block insecure fallback for all sites, you can set the value to 0. (Most Secure)
      • If you want to block insecure fallback for Protected Mode sites, you can set the value to 1.
      • If you do not want to block insecure fallback, you can set the value to 3. (Least Secure)
    7. Exit Registry Editor.
If embedded images, frames, or ActiveX controls fallback to SSL 3.0, Internet Explorer displays the following error message:
This content cannot be displayed in a frame
Content was blocked because it used an insecure encryption protocol
For more information, see "Insecure Connection" in Internet Explorer Help.
Update information
To enable this update, install the most recent cumulative security update for Internet Explorer. To do this, go to Microsoft Update. Additionally, see the technical information about the most recent cumulative security update for Internet Explorer.

Note This update was first included in security update December cumulative security update for Internet Explorer (MS14-080).
References
See the terminology that Microsoft uses to describe software updates.

Properties

Article ID: 3013210 - Last Review: 09/28/2015 02:27:00 - Revision: 4.0

Internet Explorer 11

  • kbqfe kbfix kbexpertiseadvanced kbsurveynew KB3013210
Feedback