Minimum TLS version to fallback to

Warning: The TLS version fallback will be removed from Google Chrome after version 52 (around September 2016) and this policy will stop working then.

When a TLS handshake fails, Google Chrome would previously retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.

If this policy is not configured or if it is set to "tls1.2" then Google Chrome no longer performs this fallback. Note that this does not disable support for older TLS versions, only whether Google Chrome will work around buggy servers which cannot negotiate versions correctly.

Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.

Supported on: Microsoft Windows XP SP2 or later
Minimum TLS version to fallback to


  1. TLS 1.1
    Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    Registry PathSoftware\Policies\Google\Chrome
    Value NameSSLVersionFallbackMin
    Value TypeREG_SZ
    Valuetls1.1
  2. TLS 1.2
    Registry HiveHKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    Registry PathSoftware\Policies\Google\Chrome
    Value NameSSLVersionFallbackMin
    Value TypeREG_SZ
    Valuetls1.2


chrome.admx

Administrative Templates (Computers)

Administrative Templates (Users)