Personal tools

Necko:SSL v2 Sites

From MozillaWiki

Jump to: navigation, search

This page tracks sites that only accept the obsolete SSL2 ciphersuites, and those that accept only weak (40-bit and 56-bit) ciphersuites. We are working to turn off SSL2 and the weak ciphersuites in the Mozilla clients.

We may later attempt to contact and evangelise these sites, but at the moment this is merely a recording exercise.

Contents

Background

We need to turn off SSL2 for a couple of reasons.

  1. It is less secure than SSL3 and TLS.
  2. We need to use SSL3 hello messages to enable new functionality.

The second point needs some clarification. When your browser connects to a server and tries to initiate an SSL connection, it sends a "hello message". The format of that hello message depends on which protocol you are using (SSL2 or SSL3). While it is possible to negotiate an SSL3 connection starting with the SSL2 hello message, the SSL3 hello message allows the client and server to negotiate some new capabilities, including Elliptic Curve Cryptography (ECC) and Server Name Indication (SNI).

ECC is an emerging cryptographic standard which can be used instead of the RSA algorithm. It uses smaller keys than RSA, which means it can be faster than RSA for the same level of cryptographic strength. The US Government is moving away from the RSA cryptosystem, and onto ECC, by the year 2010. See this page from the NSA for more information.

SNI allows a host to run several SSL servers, with different DNS names, on the same box. When the client connects to the server, it announces which server (DNS name) it wants to talk to. The server can then send to the client the certificate that corresponds to this request. This happens at the start of the SSL negotiation, so the server never sends to the client the wrong certificate.

SSL2-only sites, and sites that only support weak ciphers, are now incredibly rare. Of the top SSL sites, fewer than 20 support only SSL2, and fewer than 50 require weak ciphers.

The weak ciphers are no longer useful. We're removing them to make sure your connections are always as secure as possible.

SSL2 Only Sites

Here is a list of websites known to only support SSL v2 - that is, if you turn SSL2 off, you get an error message saying that you can't access the site, or any attempt to connect to the site causes a long hang. In order for a site to be added to this list, it should be quickly accessible with SSL v2 enabled, but you should get an error message or a hang with SSL v2 disabled.

Weak Cipher Sites

Not SSL v2 but low security ciphers (other places to discuss these?):

Other useful links