chromium/components/policy/resources/templates/policy_definitions/Miscellaneous/SSLVersionFallbackMin.yaml

caption: Minimum TLS version to fallback to
deprecated: true
desc: |-
  This policy was removed in M53 after TLS version fallback was removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>.

        When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> would previously retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.

        If this policy is not configured or if it is set to "tls1.2" then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Note this does not disable support for older TLS versions, only whether <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot negotiate versions correctly.

        Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.
example_value: tls1.1
features:
  dynamic_refresh: true
  per_profile: false
items:
- caption: TLS 1.1
  name: TLSv1.1
  value: tls1.1
- caption: TLS 1.2
  name: TLSv1.2
  value: tls1.2
owners:
- file://crypto/OWNERS
- [email protected]
schema:
  enum:
  - tls1.1
  - tls1.2
  type: string
supported_on:
- chrome.*:50-52
- chrome_os:50-52
- android:50-52
tags:
- system-security
type: string-enum