SSL2 Is Dead

I recently got an email from Daniel Cater about the campaign to eliminate SSL2 from the Internet. Headline: out of the 107 sites that were known not to work without SSL2 support, now only 5 remain.

It’s been more than 3 years since you wrote
http://blog.gerv.net/2005/09/ssl2_must_die.html and I filed https://bugzilla.mozilla.org/show_bug.cgi?id=307271 [Gerv: “Eradicate SSL 2.0-only servers from the Internet”]. I’ve also gone through the bugs on a semi-regular basis and this week I went through them all again. I thought I’d give you an update :-)

Of the 82 bugs blocking bug 307271, 70 are VERIFIED, 7 are RESOLVED and 5 are NEW. In terms of resolutions, 50 are WORKSFORME, 20 are FIXED, 7 are INVALID and only 5 are unresolved.

Both bugs depending on bug 307271 have been resolved, and ssl2 was disabled for the Firefox 2 release. Nice error pages also replaced modal alerts for when sites do require ssl2.

IE7 also disabled ssl2 as did Opera and most other modern browsers.

Of the remaining 5 bugs, 1 is P3, 2 are P4 and 2 are P5. You can view them in the dependency tree: https://bugzilla.mozilla.org/showdependencytree.cgi?id=307271&hide_resolved=1. If anyone feels like writing to the sites that would be great, although if their site doesn’t work with the latest 2 major releases of Firefox or the latest release of IE, a reaction is unlikely…

So out of the 107 sites that were known not to work without SSL2 support, now only 5 remain. That’s more than 95% resolved. In terms of the entire web, 5 known broken sites isn’t bad! Thanks for starting the ball rolling on this issue, the web is now a better place.

Daniel Cater.

One thought on “SSL2 Is Dead