SSL v2 /3 ?
Hi guys,
My employer suggested upon this question that SSL 2 is not secure and SSL 3 should be used.
I was wondering if the flaw was with SSL 2 not getting easily cracked by black hats, or if it's the way it's getting implemented that makes it vulnerable.
What could be the best explanation to transfer to SSL v3? Any docs, any links, any suggestions.
Comments
-
bertieb Member Posts: 1,031
Wikipedia gives a general run down. http://en.wikipedia.org/wiki/Secure_Sockets_Layer. I'm sure the security guys on here can give further links and explanation.
I seem to be spending an awful lot of time being security tested by various firms these days and they all advise to disable ssl v2 wherever possible due to the weaknesses/flaws included on that link. It's not the implementation as such, the flaws are inherent to SSLv2. Things move on and get better - use v3 instead where possible.
Don't know if you need to turn it off on Windows or Unix systems, but it is very easy to do on a Windows server platform if you are using IIS to serve the content (a few reg tweaks and there is a good KB article on how to do it).
The trouble with quotes on the internet is that you can never tell if they are genuine - Abraham Lincoln
-
Obi-LAN-Kenobi Member Posts: 19
SSL ver. 2 is turned off by default in IE 7.0. SSL v2 should not be used unless backward compatibility is absolutely required. SSL v2 suffers from weak ciphers, it uses the same key for encryption and authentication, and it is prone to man-in-the-middle attacks.
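
On the backward-compatibility point raised in the thread: before switching SSL v2 off, it helps to know which clients offer nothing newer. The sketch below is an added example, not code from any poster. It classifies the first bytes a client sends by their framing; the client names, sample hellos, and function names are constructed for illustration.

```python
import struct

def classify_hello(data: bytes) -> str:
    """Classify the first bytes a client sends on a new SSL/TLS connection."""
    if len(data) < 5:
        return "too short"
    # SSLv2 framing: 2-byte length header with the high bit set, then
    # message type 1 (CLIENT-HELLO) and the highest version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        major, minor = data[3], data[4]
        if (major, minor) == (0, 2):
            return "sslv2-only"
        if major == 3:
            return "sslv2-format, offers 3.%d" % minor
        return "unknown"
    # SSLv3/TLS framing: content type 0x16 (handshake), record version 3.x,
    # 2-byte record length, then handshake type 1 and a 3-byte length.
    if data[0] == 0x16 and data[1] == 0x03 and len(data) >= 11 and data[5] == 0x01:
        major, minor = data[9], data[10]
        return "sslv3" if (major, minor) == (3, 0) else "tls (3.%d)" % minor
    return "unknown"

def v2_hello(version: int) -> bytes:
    """Constructed SSLv2-format CLIENT-HELLO carrying one cipher spec."""
    body = b"\x01" + struct.pack(">HHHH", version, 3, 0, 16)
    body += b"\x01\x00\x80" + bytes(16)  # one cipher spec + 16-byte challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def v3_hello(version: int) -> bytes:
    """Constructed SSLv3/TLS-format ClientHello carrying one cipher suite."""
    body = struct.pack(">H", version) + bytes(32) + b"\x00"
    body += b"\x00\x02\x00\x0a" + b"\x01\x00"  # suites, compression methods
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack(">HH", version, len(hs)) + hs

# Constructed captures: hypothetical client name -> first bytes it sent.
CAPTURES = {
    "client-a": v2_hello(0x0002),  # offers SSL v2 and nothing else
    "client-b": v2_hello(0x0300),  # v2 framing, but offers SSL v3
    "client-c": v3_hello(0x0300),
}

def breaks_without_sslv2(captures: dict) -> list:
    """Names of clients that offer only SSL v2."""
    return sorted(n for n, d in captures.items()
                  if classify_hello(d) == "sslv2-only")

if __name__ == "__main__":
    print(breaks_without_sslv2(CAPTURES))
```

Only clients reported as `sslv2-only` depend on SSL v2 itself; a v2-format hello that offers 3.x is a client advertising a newer version in the old framing.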