Talk:Necko:SSL v2 Sites

From MozillaWiki
Jump to: navigation, search

FWIW, I've asked 1&1 support about the missing SSLv3 support and got this response:

die Zertifikate werden von angeboten/erstellt. Diese Instanz bietet  
SSL2-Zertifikate an, eine Umstellung auf SSL3 ist uns bisher nicht bekannt.

That is:, who provides the SSL certificates for 1&1, offers only SSL2 certificates. Transition to SSL3 is not available as yet nor planned. Wo 09:05, 19 May 2005 (PDT)

I find that really hard to believe. Although I can't find anything that says one way or the other from their website, they have a whitepaper describing their service that happily points out that SSLv3 exists and was introduced 6 years ago, although it doesn't come right out and say they're using it. However, the following command line tells me:
$ openssl s_client -connect
Certificate chain
 0 s:/C=US/ (c)02/OU=Domain Control Validated - Organization Not Validated/
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
    Protocol  : TLSv1
    Cipher    : RC4-MD5
Which says they're using a certificate they issued to themselves, which is using SSLv3. --Justdave 19:29, 19 May 2005 (PDT)

Removed from the page:

 Now, works fine.
 This was a server configuration error, fixed 20th August 2005

--TBBle 2005-08-30 14:09 +1000