Category Archives: Security

SSLv2, why are you still around?

What

The SSLv2 protocol is an obsolete version of SSL that has been deprecated since 1996 2011 due to having several security flaws. Current standards (2016) are SSL 3.0 and TLS 1.0TLS1.0-1.2 with SSL being fully deprecated, however, a common finding in Nessus scans of web servers SSLv2 is still enabled. IIS through v7 and Apache with OpenSSL prior to v1.0 have it enabled by default.

Continue reading SSLv2, why are you still around?