For a number of reasons, it would be useful to know if any secure sites on the web today support SSL v2 only, and not SSL v3. SSL v2 is an older version of the protocol with known security issues, such as a susceptibility to Man In the Middle attacks. However, currently all major browsers lead with an SSL 2 Hello because the connection hangs on SSL 2-only servers if you lead with an SSL 3 Hello.
We believe the number of SSL v2-only servers is now quite small, but more concrete information is needed before it can be turned off. So I’m issuing a call to Firefox developers and QA to please do the following:
- Uncheck “SSL 2.0” in the Advanced Preferences.
- Visit this link – you should get a (wonderfully clear) error message.
- Continue browsing normally.
- If you see the error on another site, add the URL here.
If you don’t hit any problems, feel free to leave it turned off permanently. If you hit a site you want to visit which needs it, you can of course enable it temporarily after reporting the site URL. For bonus points, do a Google search for secure sites and test them all.
Many thanks :-)