[cryptography] no, don't advertise that you support SSLv2!

Kevin kevinsisco61784 at gmail.com
Tue Aug 4 13:31:39 EDT 2015


On 8/4/2015 12:29 AM, Patrick Pelletier wrote:
> I was on an e-commerce site today, and was horrified when I saw the 
> following badge:
>
> https://lib.store.yahoo.net/lib/yhst-11870311283124/secure.gif
>
> Did they still have SSLv2 enabled?  I checked, and luckily they don't:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=us-dc2-order.store.yahoo.net 
>
>
> So, it's not as bad as their badge claims, but still, they only get a 
> C.  (They support only one version: TLS 1.0.)  I would've thought a 
> big Web property like Yahoo could do better.  :(
>
> --Patrick
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
It is worth pointing this out to them.


---
This email has been checked for viruses by Avast antivirus software.
http://www.avast.com



More information about the cryptography mailing list