What browsers only support SSLv2?

Asked 19/5, 2009 at 8:24 Answered 2/4, 2014 at 14:8

What browsers only use SSLv2? I'm planning to disable SSLv2 on our web server, and would want to know what browsers will be affected. I can't find anywhere what SSL versions Firefox 1/2 and IE6/7 support.

Ailsun answered 19/5, 2009 at 8:24 Comment(1)

#65121 – Meuser 21/5, 2009 at 14:18

According to the book, Data Center Fundamentals, page 369, SSLv3 support was added in Netscape 2.x and Internet Explorer 3.x, and TLS was added in Netscape 4.x and Internet Explorer 4.x.

So, SSLv3 support has been widely available since 1995–1996.

My working assumption is that SSLv2-only browsers are not found outside a museum.

Meuser answered 20/5, 2009 at 14:39 Comment(5)

And also note that most version of Netscape 1.x that supports SSLv2 has a weak random number generator the protocol vulnerable to additional attacks. – Derangement 23/12, 2012 at 2:54

This book is incorrect in that TLS did not become a standard until after 1997 and even then IE disabled it by default until IE7. – Derangement 13/1, 2015 at 6:46

@YuhongBao Could you provide a citation for this information and explain how it's relevant to the question, which specifically deals with SSLv2? – Meuser 13/1, 2015 at 6:58

Look at the date for RFC 2246 for example. – Derangement 17/1, 2015 at 20:5

That's not relevant here. SSLv2 was supplanted by SSLv3, not TLSv1, and SSLv3 was published in 1996. – Meuser 17/1, 2015 at 20:13

To add to the answer, IE 6 without service packs only runs SSL 2. IE 6 with SPs can run SSL 3. WinXP can run up to IE 8.

http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/ie6-sslv3/f942e818-ffe0-4624-88d6-58dfcdd1ddc9

http://windows.microsoft.com/en-ca/internet-explorer/ie-system-requirements#ie=ie-8

Unbelievably IE 6 is still out there, yes, even in 2014. But, frankly, if you're concerned about security, it doesn't make much sense to turn around and say, well, if you can't use a key I guess we'll just leave the door wide open. If security is important then enforce it. I know, I know, you don't want to inconvenience your clients. But seriously, update your expired XP machine already...

Overt answered 2/4, 2014 at 14:8 Comment(3)

Please see the year of the question. – Playwright 2/4, 2014 at 14:27

...and yet I was looking for the answer...this year. Stumbled upon this post in my search; just added the information I found after the fact. Old questions don't mean they don't have new readers. – Overt 9/4, 2014 at 15:31

I think IE3 support SSLv3 which is far older than IE6. – Derangement 31/1, 2015 at 1:26

-5

I believe that it depends on the underlying SSL library that is being used.

Morganne answered 19/5, 2009 at 9:0 Comment(3)

That doesn't really answer the question. – Ailsun 19/5, 2009 at 9:35

Because it depends on the library and not necessarily the browser? – Morganne 20/5, 2009 at 0:16

Given a major number for a browser you can easily answer this question. For example, Firefox Y.Z will use version X of libfoo, where version X either supports SSLv3 or not. – Lynettalynette 3/11, 2011 at 18:35

Recommended topics

Hot tags