Necko:SSL v2 Sites: Difference between revisions

This is a list of websites known to only support SSL v2 - that is, if you turn it off, you get an error message saying that you can't access the site, or any attempt to connect to the site causes a long hang. In order for a site to be added to this list, it should be quickly accessible with SSL v2 enabled, but you should get an error message or a hang with SSL v2 disabled.

We may later attempt to contact and evangelise these sites, but at the moment this is merely a recording exercise.

• https://register.btinternet.com/
• https://mail.yourdomain.tld/ Network Solutions Webmail Direct (secure login)
  • The domain managementsite works fine with SSL 2.0 disabled.
  • Webmail Direct requirementsindicate that SSL v2 is required for a "secure" connection. Users may choose to disable SSL v2 and login via cleartext. NSI upgraded and fixed 09/24/05.
• Washington State DMV https://wws2.wa.gov/dol/vsagents/
• British Cattle Movement Service https://www.bcms.gov.uk/bcms/wctd0001.htm
• It looks that the "inloggen" link here was forgotten https://www.rabobank.nl
• Canon Europe https://my.canon-europe.com/user/register.html

Not SSL v2 but low security ciphers (other places to discuss these?):

• http://www.comcastsupport.com/sdcxuser/lachat/user/userchatstart.asp
  • I have disabled SSL v2, all SSL v2 ciphers, everything with less than 128 bits, MD5 and this is the only site in over a year that I have seen that does not work.
  • Now uses 128 bit.

Other useful links:

• Gerv's original blog post
• Opera forum post
• Netcraft may have SSL v2 server prevalence info
• SecuritySpace has another survey, although I don't think they have figures for SSL v2 only.
• IE7 will have SSL v2 disabled by default (and stricter UI for certificate errors).