Prevent SSL DROWN

DROWN (Decrypting RSA with Obsolete and Weakened encryption) is an attack on the old SSL v2 protocol version. Read here, how you can prevent SSL DROWN.

Security Assessment

Security_Assessment_PreventSSLDROWN

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

DROWN (Decrypting RSA with Obsolete and Weakened encryption) is an attack on the old SSL v2 protocol version. The TLS protocol suite supports the insecure SSL v2 protocol and attacks using this vulnerability can leak the session key for a captured TLS handshake.

Guides

To prevent DROWN do not use the deprecated SSL v2 protocol version. Therefore refer to: Secure TLS Configuration

For more information about Crashtest Security visit crashtest-security.com