Are you DROWNing?

Posted 01.03.2016 in Security by Kim Halavakoski

Today a new SSL attack named DROWN was released. DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. You can read all the nasty details here: DROWN Attack (CVE-2016-0800).

To protect against DROWN, sysadmins need to disable the use of the obsolete and insecure SSLv2 protocol on web servers, mail servers and any other software that uses and supports SSL/TLS. Make sure that your SSL certificate private keys are not used for any service where SSLv2 is enabled, as this would enable an attacker to compromise the key.

Deductive Labs takes security seriously: we don’t use SSLv2 on any of our servers and only accept TLS 1.1 and 1.2. We decided to publish our Nginx SSL configurations in our GitHub sslconfig repository so that others can read and use them if needed.
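The key-reuse check described above can be automated for Nginx. The following is an added example, not taken from the Deductive Labs sslconfig repository: it flags every private key that any `server` block serves with SSLv2 enabled, and lists all blocks sharing that key. The sample config, host names and key paths are constructed, and only directives written explicitly inside a `server` block are considered (inherited `http`-level settings are not resolved).

```python
import re
from collections import defaultdict

# Constructed sample config (hypothetical hosts and key paths).
SAMPLE_CONF = """
server {
    server_name www.example.test;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_certificate_key /etc/ssl/private/shared.key;
}
server {
    server_name legacy.example.test;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_certificate_key /etc/ssl/private/shared.key;
}
server {
    server_name admin.example.test;
    ssl_protocols TLSv1.2;
    ssl_certificate_key /etc/ssl/private/admin.key;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the arguments of the first uncommented `name ...;` directive, or []."""
    m = re.search(rf"^\s*{name}\s+([^;]+);", body, re.M)
    return m.group(1).split() if m else []

def drown_audit(conf):
    """Map each key served with SSLv2 enabled to every server_name that uses it."""
    by_key, exposed = defaultdict(list), set()
    for body in server_blocks(conf):
        names = directive(body, "server_name") or ["<unnamed>"]
        for key in directive(body, "ssl_certificate_key"):
            by_key[key].append(names[0])
            if "SSLv2" in directive(body, "ssl_protocols"):
                exposed.add(key)
    return {key: by_key[key] for key in sorted(exposed)}

if __name__ == "__main__":
    for key, users in drown_audit(SAMPLE_CONF).items():
        print(f"{key}: SSLv2 enabled somewhere; affects {', '.join(users)}")
```

A config audit like this only sees one Nginx instance; the same key deployed on a separate mail server or other host with SSLv2 enabled has to be checked there.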

The original DROWN research paper can be found here

Written by Kim Halavakoski

Kim is a hacker-minded technology geek who loves challenges. He has worked in the IT industry for over a decade in ISP and large-scale financial networks, configuring firewalls, networks, security technologies, log management/SIEM and automation, assessing risks and writing policies and governance processes.
