Description
SSL version 2 is known to have numerous security vulnerabilities, rendering it highly insecure and susceptible to attacks.
Recommendation
To mitigate security risks, disable SSL 2 and transition to more secure protocols such as TLS 1.2 or TLS 1.3.
References
- OWASP: Transport Layer Protection Cheat Sheet
- RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0
- CWE-16
- CWE-326
- OWASP 2021-A5
Related Issues
- SSL 3 enabled - Vulnerability
- TLS 1.0 enabled - Vulnerability
- TLS 1.1 enabled - Vulnerability
- No Redirection from HTTP to HTTPS - Vulnerability
- Tags:
- SSL/TLS
- Encryption
- Server Misconfiguration
Anything's wrong? Let us know Last updated on May 13, 2024