SSL 2 enabled

Description

SSL version 2 is known to have numerous security vulnerabilities, rendering it highly insecure and susceptible to attacks.

Recommendation

To mitigate security risks, disable SSL 2 and transition to more secure protocols such as TLS 1.2 or TLS 1.3.

References

• OWASP: Transport Layer Protection Cheat Sheet
• RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0
• CWE-16
• CWE-326
• OWASP 2021-A5

Related Issues

• SSL 3 enabled - Vulnerability
• TLS 1.0 enabled - Vulnerability
• TLS 1.1 enabled - Vulnerability
• No Redirection from HTTP to HTTPS - Vulnerability

Tags:

SSL/TLS

Encryption

Server Misconfiguration