Yes ...
but there is still 2 solutions
- A very big warning if we speak in SSL3 and the answer came in SSL2
SSL3 has a mechanism for detecting an attacker attempting to downgrade a connection between two SSL3 endpoints to SSL2 in order to MITM it, if that's what you mean.
- A simple disabling of SSL2
We can't do this until we know how many servers out there are still SSL 2 only, and try and get them fixed. I'm working on getting some data here.
Gerv _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
