27

What browsers only use SSLv2? I'm planning to disable SSLv2 on our web server, and would want to know what browsers will be affected. I can't find anywhere what SSL versions Firefox 1/2 and IE6/7 support.

Improve this question
1

3 Answers 3

Reset to default
33

According to the book, Data Center Fundamentals, page 369, SSLv3 support was added in Netscape 2.x and Internet Explorer 3.x, and TLS was added in Netscape 4.x and Internet Explorer 4.x.

So, SSLv3 support has been widely available since 1995–1996.

My working assumption is that SSLv2-only browsers are not found outside a museum.

Improve this answer
5
  • And also note that most version of Netscape 1.x that supports SSLv2 has a weak random number generator the protocol vulnerable to additional attacks.
    – Yuhong Bao
    Commented Dec 23, 2012 at 2:54
  • This book is incorrect in that TLS did not become a standard until after 1997 and even then IE disabled it by default until IE7.
    – Yuhong Bao
    Commented Jan 13, 2015 at 6:46
  • @YuhongBao Could you provide a citation for this information and explain how it's relevant to the question, which specifically deals with SSLv2?
    – erickson
    Commented Jan 13, 2015 at 6:58
  • Look at the date for RFC 2246 for example.
    – Yuhong Bao
    Commented Jan 17, 2015 at 20:05
  • That's not relevant here. SSLv2 was supplanted by SSLv3, not TLSv1, and SSLv3 was published in 1996.
    – erickson
    Commented Jan 17, 2015 at 20:13
3

To add to the answer, IE 6 without service packs only runs SSL 2. IE 6 with SPs can run SSL 3. WinXP can run up to IE 8.

http://answers.microsoft.com/en-us/ie/forum/ie8-windows_other/ie6-sslv3/f942e818-ffe0-4624-88d6-58dfcdd1ddc9

http://windows.microsoft.com/en-ca/internet-explorer/ie-system-requirements#ie=ie-8

Unbelievably IE 6 is still out there, yes, even in 2014. But, frankly, if you're concerned about security, it doesn't make much sense to turn around and say, well, if you can't use a key I guess we'll just leave the door wide open. If security is important then enforce it. I know, I know, you don't want to inconvenience your clients. But seriously, update your expired XP machine already...

Improve this answer
3
  • Please see the year of the question.
    – Kijewski
    Commented Apr 2, 2014 at 14:27
  • 4
    ...and yet I was looking for the answer...this year. Stumbled upon this post in my search; just added the information I found after the fact. Old questions don't mean they don't have new readers.
    – FreeText
    Commented Apr 9, 2014 at 15:31
  • I think IE3 support SSLv3 which is far older than IE6.
    – Yuhong Bao
    Commented Jan 31, 2015 at 1:26
-5

I believe that it depends on the underlying SSL library that is being used.

Improve this answer
3
  • 2
    That doesn't really answer the question.
    – ksuralta
    Commented May 19, 2009 at 9:35
  • Because it depends on the library and not necessarily the browser?
    – sybreon
    Commented May 20, 2009 at 0:16
  • 1
    Given a major number for a browser you can easily answer this question. For example, Firefox Y.Z will use version X of libfoo, where version X either supports SSLv3 or not.
    – Kristopher Ives
    Commented Nov 3, 2011 at 18:35

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.