DROWN (CVE-2016-0800)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: DROWN (CVE-2016-0800)
From: rsalz@xxxxxxxxxx (Salz, Rich)
Date: Wed, 2 Mar 2016 18:21:41 +0000
In-reply-to: <D358E5B1511A314F8160ADC6F37549873438A438@XYSVEX02.XYPRO-23.LOCAL>
References: <D358E5B1511A314F8160ADC6F37549873438A438@XYSVEX02.XYPRO-23.LOCAL>

Other implementations MAY be susceptible.  It's a protocol flaw.

The fix is to completely remove SSLv2.  See the blog post:  https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/

--  
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Follow-Ups:
- DROWN (CVE-2016-0800)
  - From: Scott Neugroschl

References:
- DROWN (CVE-2016-0800)
  - From: Scott Neugroschl

Prev by Date: DROWN (CVE-2016-0800)
Next by Date: Guidance on proper usage of OpenSSL_add_all_digests
Previous by thread: DROWN (CVE-2016-0800)
Next by thread: DROWN (CVE-2016-0800)
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]

Powered by Linux