/plushcap/analysis/cloudflare/the-drown-attack

Staying afloat: the DROWN Attack and CloudFlare

What's this blog post about?

On March 1st, 2016, John Graham-Cumming announced that CloudFlare customers are automatically protected against the DROWN Attack due to their lack of SSLv2 enabled on servers. The company's SSL configuration is published for others to use and currently accepts TLS 1.0, 1.1, and 1.2. They are proactively testing customers' origin web servers for vulnerabilities and will reach out to those with vulnerable servers. In the meantime, users should ensure that SSLv2 is fully disabled or private keys are not shared with servers still needing SSLv2.

Company
Cloudflare

Date published
March 1, 2016

Author(s)
John Graham-Cumming

Word count
99

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.