54BD 783A 27D2 85C1 C46D 5A02 3651 ADE3 E402 9FC2

We would like to bring to your attention the latest SSL/TLS vulnerability known as the DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) attack1. Although there is much hype around such vulnerabilities it is rated as important and seems serious enough for us to send out this alert particularly as the tester identifies weak SSL configurations / vulnerable library versions which may be subject to other vulnerabilities.

For more information


Test your site(s) here and mitigate if vulnerable:

Generally mitigation involves disabling support for SSLv2 and possibly updating SSL libraries (e.g. OpenSSL). Shared keys/certificates with a vulnerable server also presents risk. For more specific directions please consult your specific OS reference (e.g.2).

Further reading


1CVE-2016-0800: Vulnerability Summary

2Red Hat: DROWN – Cross-protocol attack on TLS using SSLv2