@danahern
Created August 15, 2008 15:43
The remote service appears to encrypt traffic using SSL protocol version 2.
Netscape Communications Corporation introduced SSL 2.0 with the launch of Netscape Navigator 1.0 in 1994. The protocol contains several well-known weaknesses. For example, SSLv2 doesn't provide any protection against man-in-the-middle attacks during the handshake, and it uses the same cryptographic keys for message authentication and for encryption.
In Internet Explorer 7, the default HTTPS protocol settings are changed to disable the weaker SSLv2 protocol and to enable the stronger TLSv1 protocol. By default, IE7 users will only negotiate HTTPS connections using SSLv3 or TLSv1. Mozilla Firefox is expected to drop support for SSLv2 in its upcoming versions.
As almost all modern browsers support SSLv3, disabling support for the weaker SSLv2 protocol should have minimal impact. The following browsers support SSLv3:
# Internet Explorer 5.5 or higher (PC)
# Internet Explorer 5.0 or higher (Mac)
# Netscape 2.0 (Domestic) or higher (PC/Mac)
# Firefox 0.8 or higher (PC/Mac/Linux)
# Mozilla 1.7 or higher (PC/Mac/Linux)
# Camino 0.8 or higher (Mac)
# Safari 1.0 or higher (Mac)
# Opera 1.7 or higher (PC/Mac)
# Omniweb 3.0 or higher (Mac)
# Konqueror 2.0 or higher (Linux)
Consult the affected application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead, and to reconfigure it to avoid the use of weak ciphers. Some knowledge base articles are listed below.
Apache Implementation:
In Apache, you need to modify the SSLProtocol and SSLCipherSuite directives in the httpd.conf or ssl.conf file. An example would be editing those lines to something like:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
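One way to check a configuration against the two directives above, as an added example that is not part of the original gist or of Apache itself. It assumes Apache 2.0/2.2-era mod_ssl semantics ("all" includes SSLv2, and a missing SSLProtocol directive means "all"); the function names and the LEGACY sample are constructed for illustration, and the cipher check is deliberately conservative rather than a full OpenSSL cipher-string evaluator.

```python
import re
# Assumption (Apache 2.0/2.2-era mod_ssl): "all" means SSLv2 + SSLv3 + TLSv1,
# and a missing SSLProtocol directive behaves like "SSLProtocol all".
ALL = frozenset({"sslv2", "sslv3", "tlsv1"})
DIRECTIVE = re.compile(r"^[ \t]*(SSLProtocol|SSLCipherSuite)[ \t]+(.+?)[ \t]*$", re.I | re.M)
# Constructed samples: a legacy config, and the corrected directives from the page.
LEGACY = "SSLEngine on\nSSLProtocol all\nSSLCipherSuite ALL:!ADH\n"
FIXED = "SSLProtocol -ALL +SSLv3 +TLSv1\nSSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP\n"

def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right and return the enabled set."""
    enabled = set()
    for token in args.split():
        action, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        chosen = ALL if name.lower() == "all" else {name.lower()}
        if action == "-":
            enabled -= chosen
        else:
            # "+" adds to the set; a bare token replaces the whole set
            enabled = (enabled | chosen) if action == "+" else set(chosen)
    return enabled

def sslv2_ciphers_excluded(spec):
    """Conservative: True only if SSLv2 suites are removed and nothing is added afterwards."""
    excluded = False
    for item in spec.lower().split(":"):
        if item == "!sslv2":
            return True            # "!" deletes the suites permanently
        if item == "-sslv2":
            excluded = True        # "-" deletes, but later items may re-add
        elif excluded and item and item[0] not in "+-!":
            excluded = False       # a bare item adds suites, possibly SSLv2 ones
    return excluded

def audit(conf_text):
    """Return (line_number, message) findings for a configuration given as text."""
    findings, saw_protocol = [], False
    for m in DIRECTIVE.finditer(conf_text):   # commented-out lines do not match
        number = conf_text.count("\n", 0, m.start()) + 1
        name, args = m.group(1).lower(), m.group(2)
        if name == "sslprotocol":
            saw_protocol = True
            if "sslv2" in enabled_protocols(args):
                findings.append((number, "SSLProtocol enables SSLv2"))
        elif not sslv2_ciphers_excluded(args):
            findings.append((number, "SSLCipherSuite keeps SSLv2 suites"))
    if not saw_protocol:
        findings.append((0, "no SSLProtocol directive (default: all)"))
    return findings
```

Calling audit(LEGACY) reports lines 2 and 3, while audit(FIXED) returns an empty list.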