DROWN SSL Vulnerability

Continue reading if you are a Dedicated Server client without managed hosting from us. If you do not have a dedicated server with us and only use our hosted solutions, there is no need to read on: we have already patched your network and server space.

What is the DROWN SSL vulnerability?

DROWN is a vulnerability that allows remote decryption of SSL communications, even if they’re protected by more advanced cipher suites.

What systems are affected?

Anyone who uses SSL for any services including, but not limited to, HTTPS or IMAPS should err on the side of caution and assume they’re vulnerable to this exploit.

What should you do?

  • Any web server software, such as Apache or Nginx, should have SSLv2 disabled completely in favor of more modern cipher suites.
  • If OpenSSL is used, users should make sure it’s been patched to the latest version that fixes this vulnerability.
  • OpenSSL 1.0.1 should be upgraded to 1.0.1s. Those using OpenSSL 1.0.2 should make sure they’re running 1.0.2g.
  • As a generic countermeasure to exploits, efforts should be made to make sure all software and operating systems are regularly patched.
  • Keeping your server updated is always the best way to ensure the latest countermeasures are in place to protect you.
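
To check an OpenSSL install against the fixed releases named above (1.0.1s and 1.0.2g), the following script is an added example, not part of the original advisory. The function names and the sample `openssl version` banners are constructed for illustration; branches the advisory does not mention are reported as `unknown`.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an OpenSSL version against
# the fixed releases the advisory names, 1.0.1s and 1.0.2g.
LC_ALL=C; export LC_ALL    # make a-z ranges and sort order plain ASCII

# drown_status VERSION  -> prints "patched", "vulnerable" or "unknown"
drown_status() {
    case $1 in
        1.0.1*) branch=1.0.1; fixed=s ;;
        1.0.2*) branch=1.0.2; fixed=g ;;
        *)      echo unknown; return 0 ;;   # branch not covered by the advisory
    esac
    suffix=${1#"$branch"}         # "f", "za", "e-fips", or "" for the base release
    suffix=${suffix%%[!a-z]*}     # keep only the leading patch letters
    # Patch letters sort lexically (a < b < ... < z < za). The release is
    # patched when the fixed letter sorts first or equal.
    lowest=$(printf '%s\n%s\n' "$suffix" "$fixed" | sort | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# drown_status_from_banner "OpenSSL 1.0.1f 6 Jan 2014"
# Takes a line as printed by `openssl version` and classifies its second field.
drown_status_from_banner() {
    set -- $1
    drown_status "$2"
}

# Constructed sample banners so the script runs offline. On a real host use:
#   drown_status_from_banner "$(openssl version)"
for banner in "OpenSSL 1.0.1f 6 Jan 2014" "OpenSSL 1.0.1s 1 Mar 2016" \
              "OpenSSL 1.0.2f 28 Jan 2016" "OpenSSL 1.0.2g 1 Mar 2016"; do
    printf '%-30s %s\n' "$banner" "$(drown_status_from_banner "$banner")"
done
```

Distribution packages often backport security fixes without changing the upstream version string, so confirm a `vulnerable` result on a distro build against the vendor's package changelog before acting on it.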