Considering that it's a lack of security and allow man in the middle attack (down negociation only) and even if you would like to use TLS or SSL3 an attaquant can just force you to go to SSL2 and then to use a very weak encryption without any warning ...
I really think that mozilla should disable SSL2 or warning a lot when asking in ssl3 and the server response in SSL2 !!! Kikx _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
