stacksofplates last edited by stacksofplates
Just got this email from Red Hat
Red Hat Product Security has been made aware of a vulnerability in the SSLv2 protocol, which has been assigned CVE-2016-0800 and is referred to as DROWN - Decrypting RSA using Obsolete and Weakened eNcryption. All implementations of SSLv2 are affected.
DROWN is a new cross-protocol attack that can be used to passively decrypt collected TLS sessions from up-to-date clients by using a server which supports SSLv2. This issue overall is rated IMPORTANT by the Red Hat Product Security Team.
Determine if you are impacted and view the resolution in this Red Hat Customer Portal Vulnerability Response.
If you have questions or concerns, please contact Red Hat Technical Support.
Here's the link
travisdh1 last edited by
SSLv2 shouldn't be running in the first place anymore. Ref: SSL Labs Documentation
aaron-closed account Banned last edited by
This post is deleted!