Firefox Moving On From SSL 2.0

Juha-Matti Laurio writes "Plans are afoot to remove support for SSL version 2.0 in Mozilla Firefox, reports MozillaZine portal. Mozilla Foundation is eager to disable support for SSL 2.0 and have all Firefox installations use only the newer and more secure SSL 3.0 and TLS 1.0 protocols." From the post: "Netscape Communications Corporation introduced SSL 2.0 with the launch of Netscape Navigator 1.0 in 1994. Netscape Navigator 2.0 included support for SSL 3.0 when it was released in 1996. The specification for TLS 1.0, essentially a standardized version of SSL 3.0 with some differences, was published in 1999."

Online banking

[Saiyine]

How will this affect the end user? Will it break the online banking webs?

--
Superb hosting 4800MB Storage, 120GB bandwidth, $7,95.
Kunowalls!!! Random sexy wallpapers (NSFW!).

Re:Online banking

[ergo98]

So in this case, it SHOULD have been replaced due to its age, not to mention its insecurity.

No, it sould have been replaced due to its insecurity. Period.

The age thing is the same sort of lame distraction that makes crypto-naives rush to whatever newly announced algorithm comes out, burning themselves when it is vetted and found to have dozens of weaknesses. You original message clearly put all of the emphasis on the age factor as if we all need to carbon date all of the technologies we use to determine worthiness.

Positive

[Red+Flayer]

Good move by Mozilla.

At the very least, this has prompted more attention to the fact that SSL 2.0 is not so secure.

Even if some sites continue to use it, it is never a bad idea to bring attention to a flawed security system when a fix is easily available.

Of course, some of us now might have to have two legacy browsers installed in order to use all the sites we want to (IE & an older FF) -- unless SSL 2.0 is reversibly disabled.