Netscape Communications invented the Secure Sockets Layer (SSL) protocol in 1994. It has been the de facto standard cryptographic protocol since then. Over the years, the protocol has evolved (SSLv2.0 -> SSLv3.0 -> TLSv1.0 -> TLSv1.1 -> TLSv1.2) to increase security.
Today, SSLv2.0 no longer provides a sufficiently high level of security. SSLv2.0 deficiencies include the following:
Message authentication uses MD5. Most security-aware users have already moved away from any use of MD5.
Handshake messages are not protected. This permits a man-in-the-middle to trick the client into picking a weaker cipher suite than it would normally choose.
Message integrity and message encryption use the same key, which is a problem if the client and server negotiate a weak encryption algorithm.
Sessions can be easily terminated. A man-in-the-middle can easily insert a TCP FIN to close the session, and the peer is unable to determine whether or not it was a legitimate end of the session.
It's been over 20 years since SSLv2.0 was published, and it's been over 5 years since RFC 6176 deprecated SSLv2.0. However, many people are still using the protocol, even though they might not be aware of it.
In June 2016, less than 2% of firewalls reported receiving an SSLv2.0 Server Hello message.
In June 2016, more than 40% of firewalls reported receiving an SSLv2.0 Client Hello message.
SSLv2.0 is insecure and can damage the system. I would like to urge all our customers to review their (client/server) software settings and stop using SSLv2.0 immediately.
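
To find which of your own clients and servers still send these messages, the first few bytes of a TCP stream are enough to tell an SSLv2.0 Client Hello or Server Hello from an SSLv3/TLS record. The sketch below is an added example, not part of the original post or of any firewall's code; it goes slightly beyond the text by also separating a v2-format hello that offers only SSLv2.0 (version 0x0002) from one sent by a client that offers SSLv3/TLS in the old format. The function names and sample byte strings are constructed for illustration, and the check is a heuristic on the hello header only.

```python
import struct

SSLV2_CLIENT_HELLO = 1  # SSLv2 message type codes
SSLV2_SERVER_HELLO = 4

def classify_hello(data: bytes) -> str:
    """Classify the first bytes of a TCP stream (hypothetical helper name)."""
    if len(data) < 5:
        return "too-short"
    # SSLv3/TLS record layer: ContentType 22 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls-record"
    # SSLv2 record, 2-byte header: top bit of byte 0 set, 15-bit length.
    if data[0] & 0x80:
        length = ((data[0] & 0x7F) << 8) | data[1]
        msg_type = data[2]
        if msg_type == SSLV2_CLIENT_HELLO and length >= 9:
            (version,) = struct.unpack(">H", data[3:5])
            if version == 0x0002:
                return "sslv2-client-hello"
            if version >> 8 == 0x03:
                # v2-format hello from a client offering SSLv3/TLS
                return "sslv2-compat-client-hello"
        if msg_type == SSLV2_SERVER_HELLO and length >= 11 and len(data) >= 7:
            # session-id-hit (1) and certificate-type (1) precede the version
            (version,) = struct.unpack(">H", data[5:7])
            if version == 0x0002:
                return "sslv2-server-hello"
    return "unknown"

def _v2_record(body: bytes) -> bytes:
    """Wrap a body in a 2-byte SSLv2 record header (for the samples below)."""
    return struct.pack(">H", 0x8000 | len(body)) + body

# Constructed sample inputs, not captured traffic.
SAMPLES = {
    "v2_client": _v2_record(b"\x01" + struct.pack(">HHHH", 0x0002, 3, 0, 16)
                            + b"\x01\x00\x80" + bytes(16)),
    "compat_client": _v2_record(b"\x01" + struct.pack(">HHHH", 0x0301, 3, 0, 16)
                                + b"\x00\x00\x2f" + bytes(16)),
    "v2_server": _v2_record(b"\x04\x00\x01" + struct.pack(">HHHH", 0x0002, 0, 3, 16)
                            + b"\x01\x00\x80" + bytes(16)),
    "tls": bytes([0x16, 0x03, 0x03, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify_hello(raw)}")
```

A server that answers with `sslv2-server-hello` has SSLv2.0 enabled and needs its settings changed; a client seen sending either v2-format hello should be reconfigured or updated to send a TLS Client Hello.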