Duane <[EMAIL PROTECTED]> writes:

>Ram A M wrote:

>> I have SSL2 disabled and AFAIK it has not limited my access to sites in
>> a long time. Perhaps it is time to retire SSL2 in the default config.

>I have had problems with one domain registrar using it...

You may as well name 'em since it's fairly well known, it's Verisign (yes, the
most trusted name on the Internet) who still require that you use SSLv2 to
talk to their servers.  A few banks (of all the people who should be aware of
proper security) still use it as well.  I tried to get wording to kill SSLv2
into the TLS 1.1 spec, while everyone agreed that it was long overdue for
retirement there were backwards-compatibility/interop concerns with making it
a MUST NOT :-(.

Peter.

_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security

Reply via email to