Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-64729 | DTBI1100-IE11 | SV-79219r3_rule | Medium |
| Description |
|---|
| This parameter ensures only DoD-approved ciphers and algorithms are enabled for use by the web browser by blocking an insecure fallback to SSL when TLS 1.1 or greater fails. |
| STIG | Date |
|---|---|
| Microsoft Internet Explorer 11 Security Technical Implementation Guide | 2017-03-01 |
Details
| Check Text ( C-65471r4_chk ) |
|---|
| The policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> "Allow fallback to SSL 3.0 (Internet Explorer)" must be "Enabled", and "No Sites" selected from the drop-down box. If "Allow fallback to SSL 3.0 (Internet Explorer)" is not "Enabled" or any other drop-down option is selected, this is a finding. Procedure: Use the Windows Registry Editor to navigate to the following key: HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings. Criteria: If the value "EnableSSL3Fallback" is REG_DWORD=0, this is not a finding. |
| Fix Text (F-70659r5_fix) |
|---|
| Set the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Internet Explorer >> Security Features >> "Allow fallback to SSL 3.0 (Internet Explorer)" to "Enabled", and select "No Sites" from the drop-down box. |