Prohibiting Secure Sockets Layer (SSL) Version 2.0
RFC 6176

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>,
    tls mailing list <>,
    tls chair <>
Subject: Protocol Action: 'Prohibiting SSL Version 2.0' to Proposed Standard (draft-ietf-tls-ssl2-must-not-04.txt)

The IESG has approved the following document:
- 'Prohibiting SSL Version 2.0'
  (draft-ietf-tls-ssl2-must-not-04.txt) as a Proposed Standard

This document is the product of the Transport Layer Security Working

The IESG contact persons are Alexey Melnikov and Tim Polk.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

   This document requires that TLS clients and servers never negotiate the use of
   Secure Sockets Layer (SSL) version 2.0 when they establish connections.

Working Group Summary

   The draft was discussed on the TLS WG mailing list and presented to the TLS WG at
   IETF 78. Initially, the draft (draft-turner-ssl-must-not) contained text that
   prohibited SSL 2.0 and 3.0 and provided guidance to use TLS 1.2. Based on SSL
   server implementation statistics provided by WG members (there are lots of SSL 3.0
   implementations) and discussions that SSL 3.0 with its mixed SHA-1/MD5 KDF is
   still acceptable, the scope of the draft was significantly reduced to only
   prohibit negotiation of SSL 2.0.

Document Quality

   SSL 2.0 has in fact already been removed from many implementations. The intent
   here is to formalize the retirement of SSL 2.0.

   Most of the changes were based on reviews from Paul Hoffman, Simon Josefsson,
   Marsh Ray, and Martin Rex. Other reviewers are noted in the acknowledgments


   The document shepherd for this document is Joe Salowey <>.
   The responsible Area Director is Alexey Melnikov <>. 

RFC Editor Note