[cryptography] no, don't advertise that you support SSLv2!

shawn wilson ag4ve.us at gmail.com
Tue Aug 4 04:20:37 EDT 2015


Yahoo has always had lax security (weak spam filters, no bad pass lock, no
attachment virus scan). But as a news site (as long as their reporters get
to have better security), they don't do bad.
On Aug 3, 2015 10:03 PM, "Patrick Pelletier" <code at funwithsoftware.org>
wrote:

> I was on an e-commerce site today, and was horrified when I saw the
> following badge:
>
> https://lib.store.yahoo.net/lib/yhst-11870311283124/secure.gif
>
> Did they still have SSLv2 enabled?  I checked, and luckily they don't:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=us-dc2-order.store.yahoo.net
>
> So, it's not as bad as their badge claims, but still, they only get a C.
> (They support only one version: TLS 1.0.)  I would've thought a big Web
> property like Yahoo could do better.  :(
>
> --Patrick
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20150804/ea0f1c85/attachment.html>


More information about the cryptography mailing list