DROWN (CVE-2016-0800)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: DROWN (CVE-2016-0800)
From: rsalz@xxxxxxxxxx (Salz, Rich)
Date: Wed, 2 Mar 2016 20:38:30 +0000
In-reply-to: <D358E5B1511A314F8160ADC6F37549873438A50C@XYSVEX02.XYPRO-23.LOCAL>
References: <D358E5B1511A314F8160ADC6F37549873438A438@XYSVEX02.XYPRO-23.LOCAL> <52781b82c4964df7bd8d76b691299785@usma1ex-dag1mb1.msg.corp.akamai.com> <D358E5B1511A314F8160ADC6F37549873438A50C@XYSVEX02.XYPRO-23.LOCAL>

> am [I] still vulnerable to this if my customer's server is not up to date?

Yes, maybe.

If you use SSL3/TLS without PFS ciphers, then someone who has captured the traffic can send SSLv2 messages to the server and decrypt your traffic.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Follow-Ups:
- DROWN (CVE-2016-0800)
  - From: Jeffrey Walton

References:
- DROWN (CVE-2016-0800)
  - From: Scott Neugroschl
- DROWN (CVE-2016-0800)
  - From: Salz, Rich
- DROWN (CVE-2016-0800)
  - From: Scott Neugroschl

Prev by Date: recommended build options
Next by Date: DROWN (CVE-2016-0800)
Previous by thread: DROWN (CVE-2016-0800)
Next by thread: DROWN (CVE-2016-0800)
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]

Powered by Linux