Necko:SSL v2 Sites: Difference between revisions
Revision as of 00:42, 9 May 2006
This page tracks sites that only accept the obsolete SSL2 ciphersuites, and those that accept only weak (40-bit and 56-bit) ciphersuites. We are working to turn off SSL2 and the weak ciphersuites in the Mozilla clients.
We may later attempt to contact and evangelise these sites, but at the moment this is merely a recording exercise.
SSL2 Only Sites
Here is a list of websites known to only support SSL v2 - that is, if you turn SSL2 off, you get an error message saying that you can't access the site, or any attempt to connect to the site causes a long hang. In order for a site to be added to this list, it should be quickly accessible with SSL v2 enabled, but you should get an error message or a hang with SSL v2 disabled.
- https://register.btinternet.com/
- https://mail.yourdomain.tld/ Network Solutions Webmail Direct (secure login)
  - The domain management site works fine with SSL 2.0 disabled.
  - Webmail Direct requirements indicate that SSL v2 is required for a "secure" connection. Users may choose to disable SSL v2 and login via cleartext.
  - NSI upgraded and fixed 09/24/05.
- Washington State DMV https://wws2.wa.gov/dol/vsagents/
- British Cattle Movement Service https://www.bcms.gov.uk/bcms/wctd0001.htm
- It looks like the "inloggen" link here was forgotten: https://www.rabobank.nl
- Canon Europe https://my.canon-europe.com/user/register.html
Weak Cipher Sites
Not SSL v2 but low security ciphers (other places to discuss these?):
- http://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp
  - I have disabled SSL v2, all SSL v2 ciphers, everything with less than 128 bits, MD5 and this is the only site in over a year that I have seen that does not work.
  - Now uses 128 bit.
- Financial Times advertisement server https://secureads.ft.com/
  - This server is used when you visit some Financial Times web pages.
- webmail interface https://Webmail.shaw.ca for Shaw Communications in Canada http://www.shaw.ca/en-ca
Other useful links
- Gerv's original blog post
- Opera forum post
- Netcraft may have SSL v2 server prevalence info
- SecuritySpace has another survey, although I don't think they have figures for SSL v2 only.
- IE7 will have SSL v2 disabled by default (and stricter UI for certificate errors).