SSL 3.0

Enables or disables the use of SSL 3.0.

SSL 3.0 is insecure when used with HTTP and weak when used with other protocols. It is also obsolete. TLS 1.1 or better should be used instead, if possible.

Changing this setting will require a restart of the computer before the setting will take effect.


Supported on: At least Windows 2000
Enable Client-side SSL 3.0 (eg., Internet Explorer)
Enable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ClientEnabledREG_DWORD1
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ClientDisabledByDefaultREG_DWORD0
Disable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ClientEnabledREG_DWORD0
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ClientDisabledByDefaultREG_DWORD1
Enable Server-side SSL 3.0 (eg., IIS)
Enable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ServerEnabledREG_DWORD1
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ServerDisabledByDefaultREG_DWORD0
Disable policy:
Registry PathValue NameValue TypeValue
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ServerEnabledREG_DWORD0
SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\ServerDisabledByDefaultREG_DWORD1

schannel.admx