Staying afloat: the DROWN Attack and CloudFlare
On March 1st, 2016, John Graham-Cumming announced that CloudFlare customers are automatically protected against the DROWN Attack due to their lack of SSLv2 enabled on servers. The company's SSL configuration is published for others to use and currently accepts TLS 1.0, 1.1, and 1.2. They are proactively testing customers' origin web servers for vulnerabilities and will reach out to those with vulnerable servers. In the meantime, users should ensure that SSLv2 is fully disabled or private keys are not shared with servers still needing SSLv2.
Company
Cloudflare
Date published
March 1, 2016
Author(s)
John Graham-Cumming
Word count
99
Language
English
Hacker News points
None found.