mailing list archives
Re: SSL 2.0 enabled or disabled?
From: Jason Coombs <jasonc () science org>
Date: Wed, 19 May 2004 22:52:01 -1000
You may be interested to know that Sun's Java Secure Sockets Extension
(JSSE) didn't even support SSL version 2 based on a design decision made
by the product group responsible for its development -- the
vulnerabilities in the SSLv2 protocol were mostly theoretical, as the
Million Message Attack was not able to discover the server's private key
but rather it was able to discover the SSL session/secret key. This
isn't a good thing, to be sure, but it isn't so bad as to be likely in
the real world to result in a meaningful exploitation and thus harm.
I'm not sure if Sun reversed its design decision in this respect and
enabled SSLv2 in JSSE at some point, or not, as I never revisited the
issue. All of the SSLv2 servers that I was working with at the time have
since upgraded, so it would require some sort of test bed or an answer
from Sun themself as to what they did and why, and whether they had to
change direction, when, and why.
jasonc () science org
Ralf Durkee wrote:
At 07:13 PM 5/18/2004 -0700, Ooper Starr wrote:
Given all the vulnerabilities with SSL 2.0, do most people disable SSL
2.0 on their servers or are there concerns of potential loss of
consumers that may only have clients that support 2.0 who use the
application? IE's defaults are SSL 2.0 & 3.0 enabled and TLS 1.0
disabled. Any good papers about this topic?
As you suggest SSLv2 should be disabled as it is vulnerable. It can be
disabled without concern for loss of customers. I have been requiring or
recommending (depending on my role) disabling SSLv2 for several years,
at least since late 2000, as all of the browsers support sslv3 or
better. I've always found it curious that IE disables TLSv3 by default,
I suspect the MS decision maker just didn't know what TLS was. Most of
the servers I have reviewed or audited for the first time, do not
disable SSLv2 at least until after the first review. I also recommend
disabling SSLv2 on the client browser and enabling SSLv3 and TLSv1. I
have only found 2 web servers since 2000 that didn't support SSLv3 or
TLSv1. Although when IE encounters a server that doesn't support it's
required versions, it will just sit there and "spin" when it can't
complete the handshake, there's no error message given.
-- Ralf Durkee, CISSP, GSEC, GCIH