Kikx wrote:
> Considering that it's a lack of security and allow man in the middle
> attack (down negotiation only) and even if you would like to use TLS or
> SSL3 an attacker can just force you to go to SSL2 and then to use a
> very weak encryption without any warning ...

There are two statements (or implied statements) here that I think need
to be addressed:

1. That SSL2 "allow[s] man in the middle attack".

   Protocol version rollback is NOT the same as a Man In The Middle attack.
   Rollback is an "active" attack, and a real attack, but of limited
   consequence for SSL2.  I'm not saying we should ignore it, but only
   that we should not inflate it by calling it something worse than it is.

2. That SSL2 allows an attacker to "force you ... to use a very weak
   encryption".  That's just not true.  3DES and 128-bit RC4 are no
   weaker with SSL2 than with SSL3.  An SSL2 client can choose to disallow
   the "40-bit" ciphers, just as an SSL3 client can.  Likewise, an SSL3
   client that allows 40-bit ciphers is just as vulnerable with those
   ciphers as is an SSL2 client.

My point is not that SSL2 is flawless, nor that its life should be prolonged,
but only that we should not accuse it of being vulnerable to things it is not.
Our decisions on whether or not to use SSL2 should be based on facts about
its strengths and weaknesses.

> I really think that mozilla should disable SSL2

I think we are getting ever closer to the day when mozilla can and will
do that.

> or warning a lot when asking in SSL3 and the server response in SSL2!!!

I hope you realize that means warning for EVERY SSL2 server.

> Kikx

Personally, I think we should be more concerned with servers that still
use only the old "export" (a.k.a. "40-bit") ciphers, whether SSL2 or SSL3.

/Nelson
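
An added example, not part of the original message: a small audit that applies one "no export ciphers" client policy to both SSL2 and SSL3 suite lists, showing that the export-only servers are flagged regardless of protocol version. The hostnames and per-server suite lists are constructed sample data; the suite names are the standard SSL 2.0 cipher kinds and SSL 3.0 cipher suites.

```python
# Constructed sample data: cipher names are the SSL 2.0 cipher kinds and
# SSL 3.0 cipher suites from the protocol specs; hostnames are made up.
SERVERS = {
    "ssl2-export.example": {"SSL2": ["SSL_CK_RC4_128_EXPORT40_WITH_MD5",
                                     "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5"]},
    "ssl2-strong.example": {"SSL2": ["SSL_CK_RC4_128_WITH_MD5",
                                     "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"]},
    "ssl3-export.example": {"SSL3": ["SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                                     "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"]},
    "ssl3-strong.example": {"SSL3": ["SSL_RSA_WITH_RC4_128_MD5",
                                     "SSL_RSA_WITH_3DES_EDE_CBC_SHA"]},
}


def secret_key_bits(suite):
    """Secret key bits implied by a suite name, in either protocol's naming."""
    if "EXPORT" in suite:
        return 40            # export suites keep only 40 bits secret
    if "3DES" in suite or "EDE3" in suite:
        return 168           # nominal 3DES key length
    if "DES" in suite:
        return 56
    if "_128_" in suite:
        return 128
    raise ValueError("unrecognised suite: " + suite)


def acceptable(suites, min_bits=128):
    """Client policy: keep only suites with at least min_bits of secret key."""
    return [s for s in suites if secret_key_bits(s) >= min_bits]


def audit(servers, min_bits=128):
    """Map each host to the protocol versions on which the client policy
    still finds a common suite; an empty list means export-only."""
    report = {}
    for host, by_version in servers.items():
        report[host] = sorted(v for v, suites in by_version.items()
                              if acceptable(suites, min_bits))
    return report


if __name__ == "__main__":
    for host, versions in audit(SERVERS).items():
        print(host, "->", ", ".join(versions) if versions else "EXPORT-ONLY")
```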