Red Hat Security Blog: March 2016 archives

  • Go home SSLv2, you’re DROWNing

    The SSLv2 protocol had its 21st birthday last month, but it’s no cause to celebrate with an alcohol beverage, since the protocol was already deprecated when it turned 18. Announced today is an attack called DROWN that takes advantage of systems still using SSLv2. Many cryptographic libraries already disable SSLv2 by default, and updates from the OpenSSL project and Red Hat today catch up. What is DROWN? CVE-2016-0800, also known as DROWN, stands for Decrypting RSA using Obsolete and Weakened...
    Posted 2016-03-01T13:00:00+00:00 - 0