Nelson Bolyard wrote:

> 2. That SSL2 allows an attacker to "force you ... to use a very weak
>    encryption".  That's just not true.  3DES and 128-bit RC4 are no
>    weaker with SSL2 than with SSL3.  An SSL2 client can choose to disallow
>    the "40-bit" ciphers, just as an SSL3 client can.  Likewise, an SSL3
>    client that allows 40-bit ciphers is just as vulnerable with those
>    ciphers as is an SSL2 client.

I'm totally on your side and I approve of what you say.
But the fact is I consider that an attack is an attack if it succeeds
most of the time ... As 40-bit ciphers are allowed, it is possible to
lower the encryption (for most people) ... but the fact is, even if
we accept the lowest encryption, SSL3 avoids changing the cipher list and then
the downgrading attack is just useless ... SSLv3 has been implemented in
order to be more secure than SSLv2 concerning this issue (not just for
that, but it is one of the problems)

> but only that we should not accuse it of being vulnerable to things it
> is not.

To be really clear:
- SSLv2 with high encryption is as secure as SSLv3 with high encryption
- SSLv2 allows downgrading the encryption (perhaps we can detect it, but
most of the time it is not implemented on servers)

We have to clearly separate the encryption and the protocol, which are
definitely different.

> I think we are getting ever closer to the day when mozilla can and will
> do that.

I think so
> 
> Personally, I think we should be more concerned with servers that still
> use only the old "export" (a.k.a. "40-bit") ciphers, whether SSL2 or SSL3.

Thanks for your advice, but the fact is that we can do one thing: it is
to change some things on mozilla ... not on some servers in the world
which don't want to upgrade...

One more time, it is not a criticism ... I just want to have another
point of view in order to make some improvements

Kikx
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
