[cryptography] no, don't advertise that you support SSLv2!

Patrick Pelletier code at funwithsoftware.org
Tue Aug 4 00:29:43 EDT 2015

I was on an e-commerce site today, and was horrified when I saw the 
following badge:


Did they still have SSLv2 enabled?  I checked, and luckily they don't:


So, it's not as bad as their badge claims, but still, they only get a 
C.  (They support only one version: TLS 1.0.)  I would've thought a big 
Web property like Yahoo could do better.  :(


More information about the cryptography mailing list