DROWN vuln possible mislabeling

Question asked by smaug on Jun 25, 2018
I have a secure * host "Host1" which gets an "F" grade because there is another * host "Host2" which is vulnerable to DROWN (it says Vulnerable (same hostname with SSL v2)). It is not possible to update the "Host2" ATM.


But if I'm not mistaken, to be vulnerable to DROWN the "Host1" should've been using the same key as "Host2" (which it doesn't; the "subject's public key" fields of the two * certificates are different).