SSL 2.0 vs. SSL 3.0
September 17, 2008 3:49 AM Subscribe
I've been trying the Linux hack of the Google Chrome browser, and noticed it uses SSL 2.0, as opposed to the SSL 3.0 that FF3 uses. A cursory check shows SSL 2.0 to be faster, but is it less secure than SSL 3.0? What are some other pros/cons about the two?
Chrome (checked both the official Windows version and the Linux hack) does not use SSL 2.0 unless you have enabled it yourself in the settings.
The only reason SSL 2.0 would be any faster than SSL 3.0/TLS 1.0 would be due to it not supporting all the security features of SSL 3.0/TLS 1.0.
There is no reason to use SSL 2.0 now, as it has several serious known security weaknesses that SSL 3.0 and TLS 1.0 fix. And SSL 3.0 has been out since 1996, so the chance that there are any old web servers out there not supporting SSL 3.0 is minimal.
posted by rpn at 4:32 AM on September 17, 2008 [2 favorites]
Response by poster: Chrome (checked both the official Windows version and the Linux hack) does not use SSL 2.0 unless you have enabled it yourself in the settings.
If you go to Options and Under the Hood, there is the option to check SSL 2.0 - so you're right, you do have to choose it. But I'm still curious about security and other pros/cons, and I thank you for your POV with regard to that.
posted by Marisa Stole the Precious Thing at 4:37 AM on September 17, 2008
What IBM says:
SSL version 3.0 is an almost totally different protocol compared to SSL Version 2.0. Some of the major differences between the two protocols include:
- SSL Version 3.0 handshake protocol flows are different than SSL Version 2.0 handshake flows.
- SSL Version 3.0 uses the BSAFE 3.0 implementation from RSA Data Security, Incorporated. BSAFE 3.0 includes a number of timing attack fixes and the SHA-1 hashing algorithm. The SHA-1 hashing algorithm is considered to be more secure than the MD5 hashing algorithm. SHA-1 allows SSL Version 3.0 to support additional cipher suites which use SHA-1 instead of MD5.
- SSL Version 3.0 protocol reduces man-in-the-middle (MITM) type of attacks from occurring during SSL handshake processing. In SSL Version 2.0, it was possible, though unlikely, that a MITM attack could accomplish cipher specification weakening. Weakening the cipher could allow an unauthorized person to break the SSL session key.
posted by smackfu at 5:31 AM on September 17, 2008
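Added illustration, not from the thread or from IBM's text: a toy model in Python of the "cipher specification weakening" the IBM note describes, and of why an SSL 3.0-style Finished message over the whole handshake transcript catches it. The suite names, their strength values and the master secret are constructed, and the Finished message is simplified to an HMAC over the transcript rather than SSL 3.0's exact construction.

```python
import hashlib
import hmac

# Constructed suite names with a constructed key strength, strongest first.
STRENGTH = {"RC4-128-SHA": 128, "DES-CBC-SHA": 56, "EXPORT-RC4-40-MD5": 40}
CLIENT_OFFER = ["RC4-128-SHA", "DES-CBC-SHA", "EXPORT-RC4-40-MD5"]
SERVER_SUITES = {"RC4-128-SHA", "DES-CBC-SHA", "EXPORT-RC4-40-MD5"}
MASTER_SECRET = b"constructed-master-secret"  # stands in for the key-exchange output


def negotiate(offered, server_supported):
    """Server picks the strongest suite both sides share."""
    common = [c for c in offered if c in server_supported]
    return max(common, key=lambda c: STRENGTH[c])


def weaken(offered):
    """Model of an on-path party rewriting the ClientHello to leave only the weakest suite."""
    return [min(offered, key=lambda c: STRENGTH[c])]


def sslv2_handshake(client_offer, server_supported, mitm=False):
    """SSL 2.0 style: nothing authenticates the handshake, so a rewritten offer goes unnoticed."""
    wire_offer = weaken(client_offer) if mitm else client_offer
    return negotiate(wire_offer, server_supported), True  # always "succeeds"


def finished_mac(secret, transcript):
    """Simplified Finished: MAC over every handshake message the party saw."""
    return hmac.new(secret, "|".join(transcript).encode(), hashlib.sha1).hexdigest()


def sslv3_handshake(client_offer, server_supported, mitm=False):
    """SSL 3.0 style: each side MACs its own view of the transcript; views must match."""
    wire_offer = weaken(client_offer) if mitm else client_offer
    chosen = negotiate(wire_offer, server_supported)
    client_view = ["ClientHello:" + ",".join(client_offer), "ServerHello:" + chosen]
    server_view = ["ClientHello:" + ",".join(wire_offer), "ServerHello:" + chosen]
    # Without the master secret the on-path party cannot forge a matching Finished.
    ok = hmac.compare_digest(finished_mac(MASTER_SECRET, server_view),
                             finished_mac(MASTER_SECRET, client_view))
    return chosen, ok  # ok=False means the client must abort the handshake


if __name__ == "__main__":
    for name, fn in (("SSL 2.0", sslv2_handshake), ("SSL 3.0", sslv3_handshake)):
        print(name, "clean:", fn(CLIENT_OFFER, SERVER_SUITES))
        print(name, "tampered:", fn(CLIENT_OFFER, SERVER_SUITES, mitm=True))
```

The tampered SSL 2.0 run silently lands on the 40-bit suite, while the SSL 3.0 run ends on the same suite but with a failed Finished check, which is the signal a client uses to abort.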
Cons: SSL 2 is weaker in several significant ways.
Pros: SSL 2 has no pros and should not be used. That's precisely why it's off by default in every modern SSL application. Do not turn it on unless you know why you're turning it on. If you have to ask why you would turn it on, you do not have a reason to do so.
"...it uses SSL 2.0, as opposed to the SSL 3.0 that FF3 uses."
Once again, this simply isn't true. It supports SSL 2 only when the protocol is enabled, which is exactly the same as Firefox, not in contrast to it. (See the pref: security.enable_ssl2) The only difference is that while the Mozilla folks have -- after some number of years of having it -- decided to hide the pref to enable SSL 2 in the UI, the Google folks have elected not to hide it for some reason.
posted by majick at 7:21 AM on September 17, 2008
The only possible reason I could see for using SSL 2.0 is if the WINE implementation of Chrome is using the schannel dll (via secur32), and there is some bug related to using SSL 3.0 in that DLL. Did you check the box to enable 2.0, or was it set that way by default when you installed? The Windows version of Chrome has it unchecked.
When I worked in IT I often said that "bad security is worse than no security"; I can't remember if I was quoting Bruce Schneier or not. Using a 10-year-old deprecated security protocol is asking for trouble. The good guys probably don't prioritize it anymore, but exploits may still be valuable to malware writers and identity thieves.
posted by BrotherCaine at 8:57 AM on September 17, 2008
Response by poster: Wow, thanks everyone. I think I can safely say this question is answered.
posted by Marisa Stole the Precious Thing at 10:23 AM on September 17, 2008
posted by BrotherCaine at 4:19 AM on September 17, 2008 [1 favorite]