According to an automated test done on behalf of our merchant
bank/payment gateway, we're not supposed to allow SSL v2 because of
security vulnerabilities.
However, with lighty, which seems to be the preferred web server for
Rails, there's no way to do this.
This message on the mailing list went unanswered:
http://thread.gmane.org/gmane.comp.web.lighttpd/3791/focus=3791
I emailed Jan Kneschke directly, but didn't get any response.
What are folks doing? Using Apache for SSL? Or ignoring the security
vulnerability?
//Lars
