Friday, January 13, 2017

On Security: Is your site still drown - ing?

If you are using the same certificate in several servers and just one of them happens to have SSLv2 enabled then all of your servers are vulnerable to the DROWN attack. Do not be misled by results from tools like nmap or sslyze. Better to not have shared keys and make sure of course SSLv2 is not allowed in any of your servers.

No comments: