GNOME Bugzilla – Bug 310272
SSLv2 must be deactivated by default
Last modified: 2005-08-21 17:39:40 UTC
Hi,
SSLv2 has major security flaws, please disable it by default. This can be done by adding the following text to default-prefs.js:
    // disable SSLv2, it has security issues
    pref("security.enable_ssl2", false);
See this thread for details: http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/2005-April/thread.html#22
Bye,
This is for the NSS guys to decide, https://bugzilla.mozilla.org/show_bug.cgi?id=247830 . I tried this once, but got a complaint (that site has since been fixed, but there still are others that are ssl2 only).
Hmmm, maybe you skipped that in the thread but:
- Firefox, and Galeon already do this,
- it's *very* insecure.
If you got complaints on that support, you can tell them about user.js, or about:config, or even add an /etc override file, this would be more elegant a solution to the problem. (Firefox has UI in the prefs for that, but I know how painful that can be to add.)
Bye,
Firefox does not disable SSL v2: http://lxr.mozilla.org/seamonkey/source/netwerk/base/public/security-prefs.js#3
Oh sorry, it's disabled in the Debian package.
We'll use the upstream SSL prefs.
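Added example, not part of the original bug thread or of any project named in it: a Python check that reports which preference file decides the effective value of security.enable_ssl2, since the thread notes that user.js or an override file can undo a packaged default. It assumes boolean pref()/user_pref() lines only and that a user_pref entry overrides a pref default; the file labels and contents are constructed samples.

```python
import re

PREF_NAME = "security.enable_ssl2"  # preference name taken from the bug report

# Matches boolean entries of the form pref("name", true); / user_pref("name", false);
_PREF_RE = re.compile(
    r'\b(user_pref|pref)\s*\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;'
)


def strip_comments(text):
    """Drop /* ... */ and // ... comments so commented-out prefs are ignored.

    Assumption: good enough for boolean prefs; a '//' inside a string value
    (for example a URL) would also be cut, which does not affect this check.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)


def effective_ssl2(files):
    """files: list of (label, text) in load order, packaged defaults first.

    Returns (enabled, label) for the entry that wins, or (None, None) when no
    file sets the preference and the built-in default applies.
    """
    default = user = None
    for label, text in files:
        for kind, name, value in _PREF_RE.findall(strip_comments(text)):
            if name != PREF_NAME:
                continue
            setting = (value == "true", label)
            if kind == "user_pref":
                user = setting      # later user_pref entries replace earlier ones
            else:
                default = setting   # later default entries replace earlier ones
    return user or default or (None, None)


# Constructed sample inputs (not taken from any real installation).
DEFAULT_PREFS = ('// disable SSLv2, it has security issues\n'
                 'pref("security.enable_ssl2", false);\n')
USER_JS = 'user_pref("security.enable_ssl2", true);\n'

if __name__ == "__main__":
    files = [("default-prefs.js", DEFAULT_PREFS), ("user.js", USER_JS)]
    enabled, source = effective_ssl2(files)
    state = {True: "ENABLED", False: "disabled", None: "not set"}[enabled]
    print(f"SSLv2 {state} (decided by {source})")
```
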