Don't DROWN! – Avoiding the TLS/SSL vulnerability

What is it?

DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a significant vulnerability in SSL/TLS that was discovered in March 2016. The bad part? It can break the very security that SSL and TLS are meant to provide, letting attackers snag your decrypted data.

The problem comes from servers that still support SSLv2 (an old, obsolete protocol) alongside modern TLS. There's a particularly bad weakness in OpenSSL's implementation of SSLv2 that's still hanging around on way too many servers, even though it should've been retired ages ago.

The good newparts? While this affects a huge number of systems out there, it's actually pretty straightforward to fix.

Am I vulnerable?

Head over to DROWN Attack Checker and test your sites. It's super simple - just pop in your URL, click a button, and you'll know if you're at risk and what to do about it.

How do I fix it?

The DROWN Attack website has everything you need: - Technical details if you want to dive deep into how the vulnerability works - Step-by-step instructions for securing your systems - Resources for further reading

Quick Tip: The most important step is usually disabling SSLv2 support and updating your OpenSSL installation.