I am sorry if this seems like a dumb question. Recently my boss has been informed that supporting SSL Version 2 would make us non-compliant with PCI (Payment Card Industry) certification. My guess would be that (being on top of such things) OpenBSD's httpd probably doesn't use sslv2 since, from what I have read, there are known issues with it. But that is a GUESS, not a KNOW, and as usual, the boss wants some kind of proof.
I didn't see anything on this subject in the FAQ. I looked in the man pages for ssl, openssl, httpd, and anything else I could think of, and it looks like sslv2 IS supported, but I couldn't figure out if it was used or not. I googled, but was overwhelmed with info about sslv2 stuff from way back in 3.9 and couldn't find anything newer (yes, my google-fu needs work, I'm sure). So the question is: how do I prove that our https server doesn't provide support for sslv2?
Stuart van Zee
[email protected]

