36
edits
Necko:SSL v2 Sites: Difference between revisions
→SSL2 Only Sites: remove link to out-of-date tlsreport site
(checked current list with http://tlsreport.layer8.net - only British Cattle Movement Service still bad) |
(→SSL2 Only Sites: remove link to out-of-date tlsreport site) |
||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 21: | Line 21: | ||
Here is a list of websites known to only support SSL v2 - that is, if you turn SSL2 off, you get an error message saying that you can't access the site, or any attempt to connect to the site causes a long hang. In order for a site to be added to this list, it should be quickly accessible with SSL v2 enabled, but you should get an error message or a hang with SSL v2 disabled. | Here is a list of websites known to only support SSL v2 - that is, if you turn SSL2 off, you get an error message saying that you can't access the site, or any attempt to connect to the site causes a long hang. In order for a site to be added to this list, it should be quickly accessible with SSL v2 enabled, but you should get an error message or a hang with SSL v2 disabled. | ||
* British Cattle Movement Service https://www.bcms.gov.uk/bcms/wctd0001.htm | * British Cattle Movement Service <strike>https://www.bcms.gov.uk/bcms/wctd0001.htm</strike> | ||
* <strike>https://ofx.schwab.com/</strike> Charles Schwab download server used by Quicken (and, possibly, Microsoft Money). | * <strike>https://ofx.schwab.com/</strike> Charles Schwab download server used by Quicken (and, possibly, Microsoft Money). | ||
* <strike>https://register.btinternet.com/ https://register.btinternet.com/</strike> | * <strike>https://register.btinternet.com/ https://register.btinternet.com/</strike> | ||
| Line 33: | Line 33: | ||
=Weak Cipher Sites= | =Weak Cipher Sites= | ||
Not SSL v2 but low security ciphers (other places to discuss these?): | Not SSL v2 but low security ciphers (other places to discuss these?): | ||
* | * <strike>https://accountmanagement.o2.co.uk https://accountmanagement.o2.co.uk</strike> - uses DES-CBC 56bit encryption [http://tlsreport.layer8.net/reports/accountmanagement.o2.co.uk?protocol=https fixed june 2008) | ||
* <strike>[https://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp http://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp] | * <strike>[https://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp http://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp] | ||
** I have disabled SSL v2, all SSL v2 ciphers, everything with less than 128 bits, MD5 and this is the only site in over a year that I have seen that does not work. | ** I have disabled SSL v2, all SSL v2 ciphers, everything with less than 128 bits, MD5 and this is the only site in over a year that I have seen that does not work. | ||
** Now uses 128 bit.</strike> | ** Now uses 128 bit.</strike> | ||
* | * <strike>https://secureads.ft.com/ Financial Times advertisement server</strike> [http://tlsreport.layer8.net/reports/secureads.ft.com?protocol=https better June2008] | ||
** This server is used when you visit some Financial Times web pages. | ** This server is used when you visit some Financial Times web pages. | ||
* | * <strike>https://Webmail.shaw.ca webmail interface</strike> for [http://www.shaw.ca/en-ca Shaw Communications in Canada] [http://tlsreport.layer8.net/reports/Webmail.shaw.ca?protocol=https RC4-MD5 128 supported june 2008] | ||
=Other useful links= | =Other useful links= | ||
| Line 56: | Line 56: | ||
* Debian GNU/Linux [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371153 Firefox] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=303849 Galeon packages] have disabled SSL v2 by default. Unfortunately, the original packages still haven't. | * Debian GNU/Linux [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371153 Firefox] and [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=303849 Galeon packages] have disabled SSL v2 by default. Unfortunately, the original packages still haven't. | ||
* [http://www.webhosting.uk.com/knowledgebase/category/ssl/ SSL Knowledgebase] | * [http://www.webhosting.uk.com/knowledgebase/category/ssl/ SSL Knowledgebase] | ||
* [http://tlsreport.layer8.net The TLS report] | |||