This document requires that when TLS clients and servers establish connections
that they never negotiate the use of Secure Sockets Layer (SSL) version 2.0.
Working Group Summary
The draft was discussed on TLS WG mailing list and presented to the TLS WG at
IETF 78. Initially, the draft (draft-turner-ssl-must-not) contained text that
prohibited SSL 2.0 and 3.0 and provided guidance to use TLS 1.2. Based on SSL
server implementation statistics provided by WG members (there's lots of SSL 3.0
implementations) and discussions that SSL 3.0 with its mixed SHA-1/MD5 KDF is
still acceptable, the scope of the draft was significantly reduced to only
prohibit negotiation of SSL 2.0.
SSL 2.0 has in fact already been removed from many implementations. The intent
here is to formalize the retirement of SSL 2.0.
Most of the changes were based on reviews from Paul Hoffman, Simon Josefsson,
Marsh Ray, and Martin Rex. Other reviewers are noted in the acknowledgments
The document shepherd for this document is Joe Salowey <firstname.lastname@example.org>.
The responsible Area Director is Alexey Melnikov <email@example.com>.