
Cert DROWN false positive?

Question asked by Jamie MacIsaac on Mar 16, 2016
Latest reply on Mar 18, 2016 by Shawn Heisey



I have a thawte SHA256 SSL certificate ( on that's being marked as vulnerable to the DROWN attack because of a similarly named wildcard COMODO RSA Domain Validation Secure Server certificate (* on and - see SSL Server Test: (Powered by Qualys SSL Labs)


The server has never used the COMODO RSA certificate, yet it's still marked as vulnerable (the servers using the COMODO cert are indeed vulnerable, but they're nothing to do with me). I've looked and can't understand why. Can anybody else shed some light on why is marked as vulnerable?