According to an automated test done on behalf of our merchant bank/payment gateway, we're not supposed to allow SSL v2 because of security vulnerabilities.
However, with lighty, which seems to be the preferred web server for Rails, there's no way to do this.
This message on the mailing list went unanswered:
http://thread.gmane.org/gmane.comp.web.lighttpd/3791/focus=3791
I emailed Jan Kneschke directly, but didn't get any response.
What are folks doing? Using Apache for SSL? Or ignoring the security vulnerability?
//Lars