What browsers only support SSLv2?

Question

What browsers only use SSLv2? I'm planning to disable SSLv2 on our web server, and would want to know what browsers will be affected. I can't find anywhere what SSL versions Firefox 1/2 and IE6/7 support.

http://stackoverflow.com/questions/64621/am-i-turning-away-customers-by-disabling-ssl-2-0-and-pct-1-0-in-iis5 — erickson, May 21 '09 at 14:18

score 33 · Accepted Answer · answered May 20 '09 at 14:39

33

According to the book, Data Center Fundamentals, page 369, SSLv3 support was added in Netscape 2.x and Internet Explorer 3.x, and TLS was added in Netscape 4.x and Internet Explorer 4.x.

So, SSLv3 support has been widely available since 1995–1996.

My working assumption is that SSLv2-only browsers are not found outside a museum.

answered May 20 '09 at 14:39

erickson

265,237
58
395
493

And also note that most version of Netscape 1.x that supports SSLv2 has a weak random number generator the protocol vulnerable to additional attacks. – Yuhong Bao Dec 23 '12 at 02:54
This book is incorrect in that TLS did not become a standard until after 1997 and even then IE disabled it by default until IE7. – Yuhong Bao Jan 13 '15 at 06:46
@YuhongBao Could you provide a citation for this information and explain how it's relevant to the question, which specifically deals with SSLv2? – erickson Jan 13 '15 at 06:58
Look at the date for RFC 2246 for example. – Yuhong Bao Jan 17 '15 at 20:05
That's not relevant here. SSLv2 was supplanted by SSLv3, not TLSv1, and SSLv3 was published in 1996. – erickson Jan 17 '15 at 20:13

score 3 · Answer 2 · answered Apr 02 '14 at 14:08

3

To add to the answer, IE 6 without service packs only runs SSL 2. IE 6 with SPs can run SSL 3. WinXP can run up to IE 8.

http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/ie6-sslv3/f942e818-ffe0-4624-88d6-58dfcdd1ddc9

http://windows.microsoft.com/en-ca/internet-explorer/ie-system-requirements#ie=ie-8

Unbelievably IE 6 is still out there, yes, even in 2014. But, frankly, if you're concerned about security, it doesn't make much sense to turn around and say, well, if you can't use a key I guess we'll just leave the door wide open. If security is important then enforce it. I know, I know, you don't want to inconvenience your clients. But seriously, update your expired XP machine already...

answered Apr 02 '14 at 14:08

FreeText

339
3
7

Please see the year of the question. – Kijewski Apr 02 '14 at 14:27
4

...and yet I was looking for the answer...this year. Stumbled upon this post in my search; just added the information I found after the fact. Old questions don't mean they don't have new readers. – FreeText Apr 09 '14 at 15:31
I think IE3 support SSLv3 which is far older than IE6. – Yuhong Bao Jan 31 '15 at 01:26

score -5 · Answer 3 · answered May 19 '09 at 09:00

-5

I believe that it depends on the underlying SSL library that is being used.

answered May 19 '09 at 09:00

sybreon

3,128
18
19

2

That doesn't really answer the question. – ksuralta May 19 '09 at 09:35
Because it depends on the library and not necessarily the browser? – sybreon May 20 '09 at 00:16
1

Given a major number for a browser you can easily answer this question. For example, Firefox Y.Z will use version X of libfoo, where version X either supports SSLv3 or not. – Kristopher Ives Nov 03 '11 at 18:35

What browsers only support SSLv2?

3 Answers3

Linked