What browsers only use SSLv2? I'm planning to disable SSLv2 on our web server, and would want to know what browsers will be affected. I can't find anywhere what SSL versions Firefox 1/2 and IE6/7 support.
SSLv2 is an older implementation of the Secure Sockets Layer protocol. It suffers from a number of security flaws allowing attackers to capture and alter information passed between a client and the server, including the following weaknesses: No protection from against man-in-the-middle attacks during the handshake.
According to the book, Data Center Fundamentals, page 369, SSLv3 support was added in Netscape 2.x and Internet Explorer 3.x, and TLS was added in Netscape 4.x and Internet Explorer 4.x.
So, SSLv3 support has been widely available since 1995–1996.
My working assumption is that SSLv2-only browsers are not found outside a museum.
To add to the answer, IE 6 without service packs only runs SSL 2. IE 6 with SPs can run SSL 3. WinXP can run up to IE 8.
http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/ie6-sslv3/f942e818-ffe0-4624-88d6-58dfcdd1ddc9
http://windows.microsoft.com/en-ca/internet-explorer/ie-system-requirements#ie=ie-8
Unbelievably IE 6 is still out there, yes, even in 2014. But, frankly, if you're concerned about security, it doesn't make much sense to turn around and say, well, if you can't use a key I guess we'll just leave the door wide open. If security is important then enforce it. I know, I know, you don't want to inconvenience your clients. But seriously, update your expired XP machine already...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With