Duane <[EMAIL PROTECTED]> writes: >Ram A M wrote:
>> I have SSL2 disabled and AFAIK it has not limited my access to sites in >> a long time. Perhaps it is time to retire SSL2 in the default config. >I have had problems with one domain registrar using it... You may as well name 'em since it's fairly well known, it's Verisign (yes, the most trusted name on the Internet) who still require that you use SSLv2 to talk to their servers. A few banks (of all the people who should be aware of proper security) still use it as well. I tried to get wording to kill SSLv2 into the TLS 1.1 spec, while everyone agreed that it was long overdue for retirement there were backwards-compatibility/interop concerns with making it a MUST NOT :-(. Peter. _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security