Slashdot Mirror
Firefox Moving On From SSL 2.0
Juha-Matti Laurio writes "Plans are afoot to remove support for SSL version 2.0 in Mozilla Firefox, reports MozillaZine portal. Mozilla Foundation is eager to disable support for SSL 2.0 and have all Firefox installations use only the newer and more secure SSL 3.0 and TLS 1.0 protocols." From the post: "Netscape Communications Corporation introduced SSL 2.0 with the launch of Netscape Navigator 1.0 in 1994. Netscape Navigator 2.0 included support for SSL 3.0 when it was released in 1996. The specification for TLS 1.0, essentially a standardized version of SSL 3.0 with some differences, was published in 1999."
How will this affect the end user? Will it break the online banking webs?
--
Superb hosting 4800MB Storage, 120GB bandwidth, $7,95.
Kunowalls!!! Random sexy wallpapers (NSFW!).
Hosting 20G hd, 1Tb bw! ssh $7.95
Good move by Mozilla.
At the very least, this has prompted more attention to the fact that SSL 2.0 is not so secure.
Even if some sites continue to use it, it is never a bad idea to bring attention to a flawed security system when a fix is easily available.
Of course, some of us now might have to have two legacy browsers installed in order to use all the sites we want to (IE & an older FF) -- unless SSL 2.0 is reversibly disabled.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
The problem with Mozilla is that they're so swamped with bugs that some developers at least seem to have stopped caring about *any* bugs at all whatsoever anymore - to the point where they will not only not fix them, but actively try to prevent others from fixing them. Give bug 18574 a look some time, for example...
Unfortunately, there's not really much you can do. Firefox *is* wildly popular, so those at the top of the Mozilla foundation (Asa Dotzler etc.) don't even realise that some things are going wrong - they've stopped listening to the people, just like Microsoft has, after convincing themselves that those who disagree are just a small bunch of disgruntled nay-sayers. Considering Firefox' popularity, that's not a difficult thing to do, but it's still wrong - you should always listen to your users.
Unfortunately, it seems that Mozilla is heading further in this direction, with the creation of a new for-profit company that's supposed to take over from the non-profit organisation and all that. I fear that this will be used as an excuse to listen to the actual users even less - and I don't doubt that this new incarnation of Netscape (which is what it'll be, essentially) will reward Asa and co with a nice monthly sum for the whole thing, too.
In the end, what it really boils down to is PR vs. the actual product - if PR (i.e., telling people that your product is good) is more important than actually *making* your product good, everyone loses. The only exception are those at the top of the pyramid who make money that way - but the actual users will lose out, and that's even sadder when you consider that projects with more PR will usually attract more users, too.
Microsoft (Windows), Mozilla, MySQL - this is what they all have in common. They're all not really all that great at what they're supposed to do, but there's so much PR that they're still successful. And unlike with Windows and MySQL, where you have Linux/*BSD and PostgreSQL as free and better alternatives, there seems to be no real alternative to Mozilla - Opera is payware, Konqueror only runs on Linux/KDE, Safari is for OS X etc. Where is the free, no-crap browser for Windows? There seems to be none.
quidquid latine dictum sit altum videtur.