0

I found out my server has SSL v2 enabled. Which is bad. I can't do anything about this as I am on shared hosting (albeit with dedicated IP address).

But when I connect with my browser (chrome and IE11) I see it uses TLS. So my question is, is SSLv2 only used when a really old browser is connecting to the server? Am I right in assuming if someone is connecting with any reasonably in date browser, TLS is likely to be used?

mattbloke
  • 177
  • 10
  • You can complain to the hosting provider. SSLv2 was declared insecure nearly 20 years ago. – user207421 Mar 05 '14 at 20:19
  • it's 1&1. they are a pretty big company so I do not understand why they still do it. I will raise it with them as you suggest – mattbloke Mar 05 '14 at 21:53

1 Answers1

2

Yes and no. A recent browser will connect with TLS to the server, but if somebody can arrange a man-in-the-middle attack he can enforce SSLv2. For more information see https://superuser.com/questions/246074/ssl-whats-the-reason-for-disabling-ssl-v2-support

Community
  • 1
  • 1
Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172