36
edits
Necko:SSL v2 Sites: Difference between revisions
→SSL2 Only Sites: remove link to out-of-date tlsreport site
(→SSL2 Only Sites: remove link to out-of-date tlsreport site) |
|||
| (12 intermediate revisions by 7 users not shown) | |||
| Line 21: | Line 21: | ||
Here is a list of websites known to only support SSL v2 - that is, if you turn SSL2 off, you get an error message saying that you can't access the site, or any attempt to connect to the site causes a long hang. In order for a site to be added to this list, it should be quickly accessible with SSL v2 enabled, but you should get an error message or a hang with SSL v2 disabled. | Here is a list of websites known to only support SSL v2 - that is, if you turn SSL2 off, you get an error message saying that you can't access the site, or any attempt to connect to the site causes a long hang. In order for a site to be added to this list, it should be quickly accessible with SSL v2 enabled, but you should get an error message or a hang with SSL v2 disabled. | ||
* | * British Cattle Movement Service <strike>https://www.bcms.gov.uk/bcms/wctd0001.htm</strike> | ||
* | * <strike>https://ofx.schwab.com/</strike> Charles Schwab download server used by Quicken (and, possibly, Microsoft Money). | ||
* <strike>https://mail.yourdomain.tld/ Network Solutions Webmail Direct (secure login) | * <strike>https://register.btinternet.com/ https://register.btinternet.com/</strike> | ||
** The | * <strike>https://mail.yourdomain.tld/ Network Solutions Webmail Direct (secure login)</strike> | ||
** Webmail Direct [http://faq.networksolutionsemail.com/browsers/ requirements]indicate that SSL v2 is required for a "secure" connection. Users may choose to disable SSL v2 and login via cleartext. | ** The <strike>https://www.networksolutions.com/manage-it/index.jhtml domain management site</strike> works fine with SSL 2.0 disabled. | ||
* Washington State DMV https://wws2.wa.gov/dol/vsagents/ | ** Webmail Direct [http://faq.networksolutionsemail.com/browsers/ requirements]indicate that SSL v2 is required for a "secure" connection. Users may choose to disable SSL v2 and login via cleartext. NSI upgraded and fixed 09/24/05. | ||
* Washington State DMV <strike>https://wws2.wa.gov/dol/vsagents/</strike> (dead) and newer fortress.wa.gov supports tls/ssl2 | |||
* <strike>It looks that the "inloggen" link here was forgotten https://www.rabobank.nl</strike> | * <strike>It looks that the "inloggen" link here was forgotten https://www.rabobank.nl</strike> | ||
* <strike>Canon Europe https://my.canon-europe.com/user/register.html</strike> | * <strike>Canon Europe https://my.canon-europe.com/user/register.html</strike> | ||
| Line 33: | Line 33: | ||
=Weak Cipher Sites= | =Weak Cipher Sites= | ||
Not SSL v2 but low security ciphers (other places to discuss these?): | Not SSL v2 but low security ciphers (other places to discuss these?): | ||
* <strike>https://accountmanagement.o2.co.uk https://accountmanagement.o2.co.uk</strike> - uses DES-CBC 56bit encryption [http://tlsreport.layer8.net/reports/accountmanagement.o2.co.uk?protocol=https fixed june 2008) | |||
* <strike>[https://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp http://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp] | * <strike>[https://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp http://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp] | ||
** I have disabled SSL v2, all SSL v2 ciphers, everything with less than 128 bits, MD5 and this is the only site in over a year that I have seen that does not work. | ** I have disabled SSL v2, all SSL v2 ciphers, everything with less than 128 bits, MD5 and this is the only site in over a year that I have seen that does not work. | ||
** Now uses 128 bit.</strike> | ** Now uses 128 bit.</strike> | ||
* | * <strike>https://secureads.ft.com/ Financial Times advertisement server</strike> [http://tlsreport.layer8.net/reports/secureads.ft.com?protocol=https better June2008] | ||
** This server is used when you visit some Financial Times web pages. | ** This server is used when you visit some Financial Times web pages. | ||
* | * <strike>https://Webmail.shaw.ca webmail interface</strike> for [http://www.shaw.ca/en-ca Shaw Communications in Canada] [http://tlsreport.layer8.net/reports/Webmail.shaw.ca?protocol=https RC4-MD5 128 supported june 2008] | ||
=Other useful links= | =Other useful links= | ||
| Line 45: | Line 45: | ||
* [http://weblogs.mozillazine.org/gerv/archives/008157.html Gerv's original blog post] | * [http://weblogs.mozillazine.org/gerv/archives/008157.html Gerv's original blog post] | ||
* [http://my.opera.com/community/forums/topic.dml?id=91417 Opera forum post] | * [http://my.opera.com/community/forums/topic.dml?id=91417 Opera forum post] | ||
* [http://labs.opera.com/news/2006/05/16/ Announcement from Opera that SSL v2 will be disabled by default in Opera 9] | |||
* [http://www.netcraft.com Netcraft] may have SSL v2 server prevalence info | * [http://www.netcraft.com Netcraft] may have SSL v2 server prevalence info | ||
* [http://bodhost.com/web-hosting/index.php/2006/12/19/how-to-setup-ssl-certificate/ SSL Setup Process] | |||
* [http://www.securityspace.com/s_survey/sdata/200504/protciph.html SecuritySpace] has another survey, although I don't think they have figures for SSL v2 <b>only</b>. | * [http://www.securityspace.com/s_survey/sdata/200504/protciph.html SecuritySpace] has another survey, although I don't think they have figures for SSL v2 <b>only</b>. | ||
* [http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx IE7] will have SSL v2 disabled by default (and stricter UI for certificate errors). | * [http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx IE7] will have SSL v2 disabled by default (and stricter UI for certificate errors). | ||
| Line 53: | Line 55: | ||
* [https://bugzilla.mozilla.org/show_bug.cgi?id=76162 SSL2 tracking bug from 2001]. As you can see, some of us have been interested in removing SSL2 for a long time. | * [https://bugzilla.mozilla.org/show_bug.cgi?id=76162 SSL2 tracking bug from 2001]. As you can see, some of us have been interested in removing SSL2 for a long time. | ||
* Debian GNU/Linux [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371153 Firefox] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=303849 Galeon packages] have disabled SSL v2 by default. Unfortunately, the original packages still haven't. | * Debian GNU/Linux [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371153 Firefox] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=303849 Galeon packages] have disabled SSL v2 by default. Unfortunately, the original packages still haven't. | ||
* [http://www.webhosting.uk.com/knowledgebase/category/ssl/ SSL Knowledgebase] | |||
* [http://tlsreport.layer8.net The TLS report] | |||