AnsweredAssumed Answered

Server incorrectly downgraded to F (DROWN attack) although not vulnerable?

Question asked by Hermann Stamm-Wilbrandt on Sep 28, 2016
Latest reply on Oct 6, 2016 by Hermann Stamm-Wilbrandt

I used SSLlabs server test for my website and the test complains that server is vulnerable to DROWN attack:

SSL Server Test: (Powered by Qualys SSL Labs) 

I contacted my web hoster and he said that he fixed all servers long ago.
And he provided proof that my website is not vulnerable:

IP addressHostnamePortGeneral DROWNSpecial DROWN
CVE-2016-0800CVE-2015-3197CVE-2016-0703 vulnerableNot vulnerableNot vulnerable


Is there a bug in SSLlabs server test wrt DROWN detection?

Or is wrong?