To protect against DROWN, sysadmins need to disable the use of the obsolete and insecure SSLv2 protocol on web servers, mail servers and any other software that uses and supports SSL/TLS. Make sure that your SSL certificate private keys are not used for any service where SSLv2 is enabled, as this would enable an attacker to compromise the key.
Deductive Labs takes security seriously: we don’t use SSLv2 on any of our servers and only accept TLS 1.1 and 1.2. We decided to publish our Nginx SSL configurations in our GitHub sslconfig repository so that others can read and use them if needed.
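One way to check both points above across several Nginx configurations, as an added example (not code from the Deductive Labs sslconfig repository): it flags services whose `ssl_protocols` includes SSLv2 and every other service that shares a private key with them. The service names, key paths and sample configs are constructed, and the script assumes one config text per service and compares keys by file path only.

```python
import re

# Only the two directives relevant to DROWN exposure are extracted.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|ssl_certificate_key)\s+([^;]+);", re.M)

def parse(conf_text):
    """Return (protocols, key paths) declared anywhere in one config text."""
    text = re.sub(r"#.*", "", conf_text)  # strip nginx comments
    protocols, keys = set(), set()
    for name, value in DIRECTIVE.findall(text):
        if name == "ssl_protocols":
            protocols.update(value.split())
        else:
            keys.add(value.strip())
    return protocols, keys

def audit(configs):
    """configs maps a service name to its nginx config text.
    Returns (services enabling SSLv2, {key path: services sharing that key})."""
    parsed = {svc: parse(text) for svc, text in configs.items()}
    sslv2 = sorted(s for s, (protos, _) in parsed.items() if "SSLv2" in protos)
    # Any key served by an SSLv2-enabled service is exposed wherever it is reused.
    tainted = set().union(*(parsed[s][1] for s in sslv2))
    exposed = {key: sorted(s for s, (_, keys) in parsed.items() if key in keys)
               for key in tainted}
    return sslv2, exposed

# Constructed sample configs (hypothetical services and paths).
SAMPLE = {
    "web": """server {
        listen 443 ssl;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_certificate_key /etc/ssl/private/shared.key;
    }""",
    "legacy-mail": """server {
        listen 993 ssl;
        ssl_protocols SSLv2 SSLv3 TLSv1;  # obsolete protocols still on
        ssl_certificate_key /etc/ssl/private/shared.key;
    }""",
    "intranet": """server {
        listen 443 ssl;
        ssl_protocols TLSv1.2;
        ssl_certificate_key /etc/ssl/private/intranet.key;
    }""",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Here `web` is reported even though it only accepts TLS 1.1 and 1.2, because it shares its key with `legacy-mail`. Keys copied to different paths will not be matched by this path comparison.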
The original DROWN research paper can be found here