Other implementations MAY be susceptible. It's a protocol flaw. The fix is to completely remove SSLv2. See the blog post: https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/ -- Senior Architect, Akamai Technologies IM: richsalz at jabber.at Twitter: RichSalz