I believe that you have to explicitly allow the SSLv2 ciphers if you want to enable the use of the old, insecure, hackable, crackable, and almost-completely-worthless-from-a-security-standpoint protocol that is SSLv2.
Please don't use SSLv2. The sooner everyone moves away from it the sooner its embarassment can just go away. :) (All joking aside, though, SSLv2 really shouldn't be used anymore. It especially shouldn't be used for new deployments since many not-so-theoretical attacks have been documented against it.) -Kyle H On Thu, Apr 10, 2008 at 4:08 PM, Jonathan Thompson <[EMAIL PROTECTED]> wrote: > > Quick question that I can't seem to find any info about. > > I've got a server implementing SSLv23_server_method. However, on > Windows 2000 < Service Pack 4 the server returns a failed handshake > right after the SSLv2 Client Hello and then FIN/ACKs the client. > > If I force the server into SSLv2_server_method it works just fine. Am I > missing something? > > Thanks, > -Jon > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
