This page tracks sites that only accept the obsolete SSL2 ciphersuites, and those that accept only weak (40-bit and 56-bit) ciphersuites. We are working to turn off SSL2 and the weak ciphersuites in the Mozilla clients.

We may later attempt to contact and evangelise these sites, but at the moment this is merely a recording exercise.

Background

We need to turn off SSL2 for a couple of reasons.

1. It is less secure than SSL3 and TLS.
2. We need to use SSL3 hello messages to enable new functionality.

The second point needs some clarification. When your browser connects to a server and tries to initiate an SSL connection, it sends a "hello message". The format of that hello message depends on which protocol you are using (SSL2 or SSL3). While it is possible to negotiate an SSL3 connection starting with the SSL2 hello message, the SSL3 hello message allows the client and server to negotiate some new capabilities, including Elliptic Curve Cryptography (ECC) and Server Name Indication (SNI).

ECC is an emerging cryptographic standard which can be used instead of the RSA algorithm. It uses smaller keys than RSA, which means it can be faster than RSA for the same level of cryptographic strength. The US Government is moving away from the RSA cryptosystem, and onto ECC, by the year 2010. See this page from the NSA for more information.

SNI allows a host to run several SSL servers, with different DNS names, on the same box. When the client connects to the server, it announces which server (DNS name) it wants to talk to. The server can then send to the client the certificate that corresponds to this request. This happens at the start of the SSL negotiation, so the server never sends to the client the wrong certificate.

SSL2-only sites, and sites that only support weak ciphers, are now incredibly rare. Of the top SSL sites, fewer than 20 support only SSL2, and fewer than 50 require weak ciphers.

The weak ciphers are no longer useful. We're removing them to make sure your connections are always as secure as possible.

SSL2 Only Sites

Here is a list of websites known to only support SSL v2 - that is, if you turn SSL2 off, you get an error message saying that you can't access the site, or any attempt to connect to the site causes a long hang. In order for a site to be added to this list, it should be quickly accessible with SSL v2 enabled, but you should get an error message or a hang with SSL v2 disabled.

• British Cattle Movement Service https://www.bcms.gov.uk/bcms/wctd0001.htm
• https://ofx.schwab.com/ Charles Schwab download server used by Quicken (and, possibly, Microsoft Money).
• https://register.btinternet.com/ https://register.btinternet.com/
• https://mail.yourdomain.tld/ Network Solutions Webmail Direct (secure login)
  • The https://www.networksolutions.com/manage-it/index.jhtml domain management site works fine with SSL 2.0 disabled.
  • Webmail Direct requirementsindicate that SSL v2 is required for a "secure" connection. Users may choose to disable SSL v2 and login via cleartext. NSI upgraded and fixed 09/24/05.
• Washington State DMV https://wws2.wa.gov/dol/vsagents/ (dead) and newer fortress.wa.gov supports tls/ssl2
• It looks that the "inloggen" link here was forgotten https://www.rabobank.nl
• Canon Europe https://my.canon-europe.com/user/register.html

Weak Cipher Sites

Not SSL v2 but low security ciphers (other places to discuss these?):

• https://accountmanagement.o2.co.uk https://accountmanagement.o2.co.uk - uses DES-CBC 56bit encryption [http://tlsreport.layer8.net/reports/accountmanagement.o2.co.uk?protocol=https fixed june 2008)
• http://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp
  • I have disabled SSL v2, all SSL v2 ciphers, everything with less than 128 bits, MD5 and this is the only site in over a year that I have seen that does not work.
  • Now uses 128 bit.
• https://secureads.ft.com/ Financial Times advertisement server better June2008
  • This server is used when you visit some Financial Times web pages.
• https://Webmail.shaw.ca webmail interface for Shaw Communications in Canada RC4-MD5 128 supported june 2008

Other useful links

• Gerv's original blog post
• Opera forum post
• Announcement from Opera that SSL v2 will be disabled by default in Opera 9
• Netcraft may have SSL v2 server prevalence info
• SSL Setup Process
• SecuritySpace has another survey, although I don't think they have figures for SSL v2 only.
• IE7 will have SSL v2 disabled by default (and stricter UI for certificate errors).
• Wikipedia article on ECC
• A summary of protocol update problems from the makers of Opera
• RFC 3546, Section 3.1 Server Name Indication (SNI)
• SSL2 tracking bug from 2001. As you can see, some of us have been interested in removing SSL2 for a long time.
• Debian GNU/Linux Firefox and Galeon packages have disabled SSL v2 by default. Unfortunately, the original packages still haven't.
• SSL Knowledgebase
• The TLS report