[lug] apache config, TLSv1 versus SSLv2?

David L. Anselmi anselmi at anselmi.us
Sun Sep 4 14:59:07 MDT 2005


David L. Anselmi wrote:
> Lee Woodworth wrote:
> [...]
> 
>> TLS 1 is essentially SSL 3. TLS is a 'standard' while SSL is a
>> netscape specification. SSL 2 has security issues so I wouldn't
>> allow it for the server or for your browser.
> 
> Is that a vulnerability in the SSL v2 protocol, or in some 
> implementations of it?  Do you have any details?

Never mind.  There are protocol vulnerabilities (and not that easy to 
find a concise description of them).  But some are here:

http://www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS8a/SSLTLS.html

(and some of what's there applies to TLS).

Dave



More information about the LUG mailing list