Apparently SSL v2 is vulnerable to man-in-the-middle attacks, but it’s only used by obsolete browsers (IE v6) and it can’t leak your data if you don’t use it. So this particular vulnerability is not one I personally need to worry about, but secure servers are supposed to have SSL v2 disabled—and if it isn’t, it generally means that the people who set up the server either don’t know what they’re doing or don’t care.
I think Eugine_Nier means to imply (and I would agree) that anybody using SSL2 is incompetent when it comes to security.
If you have a significant amount of money in your account, I recommend asking your bank about multi-factor authentication. I had to pay a small fee for it, but Wells Fargo gave me an RSA token for my accounts. Its use is required when transferring funds to other banks. So even if my password is stolen, my money is safe. Silicon Valley Bank has a similar scheme using SMS authentication.
My bank’s web server got an “F” on the Qualys SSL Labs test because it supports SSL v2. Should I be worried?
Probably, but not about Heartbleed.
Apparently SSL v2 is vulnerable to man-in-the-middle attacks, but it’s only used by obsolete browsers (IE v6) and it can’t leak your data if you don’t use it. So this particular vulnerability is not one I personally need to worry about, but secure servers are supposed to have SSL v2 disabled—and if it isn’t, it generally means that the people who set up the server either don’t know what they’re doing or don’t care.
I think Eugine_Nier means to imply (and I would agree) that anybody using SSL2 is incompetent when it comes to security.
If you have a significant amount of money in your account, I recommend asking your bank about multi-factor authentication. I had to pay a small fee for it, but Wells Fargo gave me an RSA token for my accounts. Its use is required when transferring funds to other banks. So even if my password is stolen, my money is safe. Silicon Valley Bank has a similar scheme using SMS authentication.
Update: The bank uses a separate domain name for “online banking” services. That one got an A-.