Disable the TLS version fallback.

components/policy/resources/policy_templates.json

 {
 # policy_templates.json - Metafile for policy templates
 #
 # The content of this file is evaluated as a Python expression.
 #
 # This file is used as input to generate the following policy templates:
 # ADM, ADMX+ADML, MCX/plist and html documentation.
 #
 # Policy templates are user interface definitions or documents about the
 # policies that can be used to configure Chrome. Each policy is a name-value
@@ skipping 7818 matching lines @@
       Otherwise it may be set to one of the following values: "sslv3", "tls1", "tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will not use SSL/TLS versions less than the specified version. An unrecognized value will be ignored.
 
       Note that, despite the number, "sslv3" is an earlier version than "tls1".''',
     },
     {
       'name': 'SSLVersionFallbackMin',
       'type': 'string-enum',
       'schema': {
         'type': 'string',
         'enum': [
-          'tls1',
           'tls1.1',
           'tls1.2',
         ],
       },
       'items': [
         {
-          'name': 'TLSv1',
-          'value': 'tls1',
-          'caption': 'TLS 1.0',
-        },
-        {
           'name': 'TLSv1.1',
           'value': 'tls1.1',
           'caption': 'TLS 1.1',
         },
         {
           'name': 'TLSv1.2',
           'value': 'tls1.2',
           'caption': 'TLS 1.2',
         },
       ],
       'supported_on': [
-        'chrome.*:45-47',
-        'chrome_os:45-47',
-        'android:45-47',
-        'ios:45-47',
+        'chrome.*:50-52',
+        'chrome_os:50-52',
+        'android:50-52',
+        'ios:50-52',
       ],
       'features': {
         'dynamic_refresh': True,
         'per_profile': False,
       },
       'example_value': 'tls1.1',
       'id': 280,
       'caption': '''Minimum TLS version to fallback to''',
-      'tags': [],
-      'desc': '''Warning: The TLS 1.0 version fallback will be removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 47 (around January 2016) and the "tls1" option will stop working then.
+      'tags': ['system-security'],
+      'desc': '''Warning: The TLS version fallback will be removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then.
 
-      When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
+      When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> would previously retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
 
-      If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses a default minimum version which is TLS 1.0 in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> 44 and TLS 1.1 in later versions. Note this does not disable support for TLS 1.0, only whether <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot negotiate versions correctly.
+      If this policy is not configured or if it is set to "tls1.2" then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Note this does not disable support for older TLS versions, only whether <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot negotiate versions correctly.
 
-      Otherwise it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". If compatibility with a buggy server must be maintained, this may be set to "tls1". This is a stopgap measure and the server should be rapidly fixed.
-
-      A setting of "tls1.2" disables all fallback but this may have a significant compatibility impact.''',
+      Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''',
     },
     {
       'name': 'RC4Enabled',
       'type': 'main',
       'schema': {
         'type': 'boolean',
       },
       'supported_on': [
         'chrome.*:48-52',
         'chrome_os:48-52',
@@ skipping 470 matching lines @@
       'desc': '''Text appended in parentheses next to the policies top-level container to indicate that those policies are of the Recommended level''',
       'text': 'Default Settings (users can override)',
     },
     'doc_complex_policies_on_windows': {
       'desc': '''Text pointing the user to a help article for complex policies on Windows''',
       'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POLICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<ex>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>''',
     },
   },
   'placeholders': [],
 }