Skip to content

Don’t DROWN! – Avoiding the TLS/SSL vulnerability

What is it?

DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a recently discovered (March 2016) vulnerability in SSL/TLS which can allow attackers to break the security SSL and TLS are supposed to provide and acquire the newly decrypted data. The flaw exploits servers which still support encryption services with TLS through SSLv2 (obsoleted for awhile). In particular, there is a substantial weakness in the OpenSSL implementation of SSLv2 which is still, sadly, widely used despite being deprecated.

This is a huge attack which impacts a tremendous amount of machine but is also something which can be remedied relatively easily. First, find out if you are vulnerable and then apply the patches or updates to get things fixed!

Am I vulnerable?

I strongly encourage you to test your sites and services here: https://drownattack.com/#check It’s a simple entry of your URL and click of the mouse to find out if you’re vulnerable and how to fix it!

How do I fix it?

https://drownattack.com will provide more information about the technical workings of the vulnerability, for those who are interested, as well as a set of resources for securing yourself.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *