RFC 6176 (prohibition of SSL 2.0)
E42577
RFC 6176 is an Internet Engineering Task Force (IETF) standard that formally deprecates and forbids the use of the insecure SSL 2.0 protocol in favor of more secure TLS versions.
Aliases (2)
Statements (37)
| Predicate | Object |
|---|---|
| instanceOf |
Internet Standard
→
RFC → |
| addresses |
downgrade attacks involving SSL 2.0
→
insecurity of SSL 2.0 → interoperability issues with legacy SSL 2.0 → |
| appliesTo |
SSL/TLS libraries
→
TLS implementations → applications using TLS → |
| area |
Security
→
|
| category |
Standards Track
→
|
| defines |
requirements for TLS implementations regarding SSL 2.0
→
requirements for disabling SSL 2.0 → |
| deprecates |
SSL 2.0
→
|
| focusesOn |
cryptographic protocol security
→
security → |
| intendedAudience |
implementers of TLS
→
protocol designers → security practitioners → |
| language |
English
→
|
| motivatedBy |
known vulnerabilities in SSL 2.0
→
need to migrate to TLS → |
| obsoletesProtocol |
SSL 2.0
→
|
| prohibitsUseOf |
SSL 2.0
→
|
| protocolFamily |
SSL/TLS
→
TLS → |
| publishedBy |
IETF
→
Internet Engineering Task Force → |
| publisher |
RFC Editor
→
|
| recommendsUseOf |
TLS
→
Transport Layer Security → |
| relation |
part of the TLS-related RFC series
→
|
| securityConsideration |
mitigation of protocol downgrade risks
→
prevention of use of weak cryptography in SSL 2.0 → |
| standardizes |
prohibition of SSL 2.0 in TLS clients and servers
→
|
| standardsBody |
Internet Engineering Task Force
→
|
| status |
Standards Track RFC
→
|
| title |
Prohibiting Secure Sockets Layer (SSL) Version 2.0
→
|