SSL 2.0 and DROWN

Posted on April 4, 2016

A team of researchers has announced a vulnerability in SSL 2.0 called Decrypting RSA with Obsolete and Weakened eNcryption, otherwise known as DROWN. SSL 2.0 is a version of the SSL/TLS security protocols. It was released in February 1995 but, due to security flaws, was superseded by SSL 3.0 in 1996. DROWN is a cross-protocol attack in which the bugs in SSL 2.0 can be used to attack the security of connections that use TLS. The vulnerability applies to servers:

- Configured to use SSL 2.0
- Some versions of OpenSSL with SSL 2.0 disabled even with all SSL 2.0 cipher suites removed
- Servers using the...
