SSL - what's the reason for disabling SSL v2 support?

ssl

Solution 1:

Wikipedia:

SSL 2.0 is flawed in a variety of ways:1

  • Identical cryptographic keys are used for message authentication and encryption.
  • SSL 2.0 has a weak MAC construction that uses the MD5 hash function with a secret prefix, making it vulnerable to length extension attacks.
  • SSL 2.0 does not have any protection for the handshake, meaning a man-in-the-middle downgrade attack can go undetected.
  • SSL 2.0 uses the TCP connection close to indicate the end of data. This means that truncation attacks are possible: the attacker simply forges a TCP FIN, leaving the recipient unaware of an illegitimate end of data message (SSL 3.0 fixes this problem by having an explicit closure alert).
  • SSL 2.0 assumes a single service and a fixed domain certificate, which clashes with the standard feature of virtual hosting in Web servers. This means that most websites are practically impaired from using SSL. TLS/SNI fixes this but is not deployed in Web servers as yet.

1: http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0

Related

How can I make Excel fetch data from a database automatically when I open the spreadsheet?
How to disable default screen capturing in Mac OS X
Is it possible to get bash to display the first letter of each directory in my working path?
How can I take an old Windows PC box and easily produce a VM clone of it?
is my old crt flickering or is it just me?
alt-d alt-f etc. stops working in my xterm
How to track if email was read
Critical gzip mistake - how to undo 'gzip -r ./'
How do you move the taskbar entries around separately for one program in Windows 7?
Why do scripts beginning with an 'S' exist in /etc/rc.d/rc{0,6}.d?
BIOS upgrade lowers CPU temperature
How to delete a group in Skype?