[lug] apache config, TLSv1 versus SSLv2?
David L. Anselmi
anselmi at anselmi.us
Sun Sep 4 14:59:07 MDT 2005
David L. Anselmi wrote:
> Lee Woodworth wrote:
> [...]
>
>> TLS 1 is essentially SSL 3. TLS is a 'standard' while SSL is a
>> netscape specification. SSL 2 has security issues so I wouldn't
>> allow it for the server or for your browser.
>
> Is that a vulnerability in the SSL v2 protocol, or in some
> implementations of it? Do you have any details?
Never mind. There are protocol vulnerabilities (and not that easy to
find a concise description of them). But some are here:
http://www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS8a/SSLTLS.html
(and some of what's there applies to TLS).
Dave
More information about the LUG
mailing list