Select Page

sslv2 vulnerability


How to block DROWN attack – Fix SSL vulnerability in Linux, Apache, Nginx, Exim and other servers

How to block DROWN attack – Fix SSL vulnerability in Linux, Apache, Nginx, Exim and other servers

On March 1, 2016, a new SSL vulnerability called DROWN (Decrypting RSA with Obsolete and Weakened Encryption) was disclosed by security researchers.

This vulnerability (aka CVE-2016-0800) allows attackers to decrypt even strong TLSv1.2 connections, if the server supports the obsolete SSLv2 protocol.
(more…)