[openssl-users] DROWN (CVE-2016-0800)

Salz, Rich rsalz at akamai.com
Wed Mar 2 18:21:41 UTC 2016


Other implementations MAY be susceptible.  It's a protocol flaw.

The fix is to completely remove SSLv2.  See the blog post:  https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/

--  
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz




More information about the openssl-users mailing list