
Help understanding DROWN results

Question asked by Mark Beiley on Apr 24, 2016
Latest reply on Apr 28, 2016 by Mark Beiley

I'm trying to understand why my site is getting an F for the DROWN attack.  See:

 

SSL Server Test: beiley.com (Powered by Qualys SSL Labs)

 

which shows my server susceptible.  However, if I go to the linked test here:

 

https://test.drownattack.com/?site=beiley.com

 

it shows no other servers found matching this name.  Doesn't that mean there is no other server running SSLv2 with my beiley.com certificate?  I think the problem may somehow have to do with a different certificate being used on the email port of my server, but am not clear on this.  On my SSLLabs test page, it shows:

 

IP Address | Port | Export | Special | Status
198.252.65.104 | 443 | Yes | No | Vulnerable (same key with SSL v2)

 

which if you follow that link, shows information about a certificate for arvixe.com (not beiley.com) being available on port 110 for POP3.  Arvixe is my hosting company, and their certificate is probably the one being made available for email.  Is the SSLLabs test giving me an F because the traffic to my server on the POP3 port could be compromised?  It seems the traffic on my HTTPS port is ok, since no other server is found running SSLv2 with my beiley.com certificate.  Do I understand this correctly?  The SSLLabs test only shows information on the beiley.com certificate in the certificate section, but I'm getting a DROWN failure because of a compromised arvixe.com certificate, which is only being used on the email port...?  Just a little confused, and hoping someone can help clarify this?

 

Thanks,

Mark
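
An added example (not part of the original post, and not SSL Labs' code) of the check that the status "same key with SSL v2" describes: DROWN exposure follows the RSA public key, not the certificate name or the port, so a TLS-only service is flagged when any endpoint presenting the same key accepts SSLv2. The hosts, addresses, and key fingerprints below are constructed, and the `Endpoint` record and `drown_exposure` function are hypothetical names.

```python
from collections import defaultdict
from typing import NamedTuple


class Endpoint(NamedTuple):
    ip: str
    port: int
    cert_subject: str  # name on the certificate served at this port
    key_fp: str        # fingerprint of the RSA public key (constructed)
    sslv2: bool        # True if the endpoint completes an SSLv2 handshake


# Constructed scan results: HTTPS and POP3 serve different certificate
# names but the same key; POP3S serves the mail name with a different key.
SCAN = [
    Endpoint("192.0.2.10", 443, "shop.example", "key-A", False),
    Endpoint("192.0.2.10", 110, "mail.hoster.example", "key-A", True),
    Endpoint("192.0.2.10", 995, "mail.hoster.example", "key-B", False),
    Endpoint("192.0.2.20", 25, "other.example", "key-C", True),
]


def drown_exposure(scan):
    """Map (ip, port) to a verdict, grouping endpoints by public key."""
    by_key = defaultdict(list)
    for ep in scan:
        by_key[ep.key_fp].append(ep)

    report = {}
    for endpoints in by_key.values():
        v2_peers = [e for e in endpoints if e.sslv2]
        for e in endpoints:
            if e.sslv2:
                verdict = "vulnerable: SSLv2 enabled"
            elif v2_peers:
                where = ", ".join(f"{p.ip}:{p.port}" for p in v2_peers)
                verdict = f"vulnerable: same key with SSLv2 on {where}"
            else:
                verdict = "not exposed"
            report[(e.ip, e.port)] = verdict
    return report


if __name__ == "__main__":
    for (ip, port), verdict in sorted(drown_exposure(SCAN).items()):
        print(f"{ip}:{port:<4} {verdict}")
```

In this constructed data, port 995 shares a certificate name with the SSLv2 endpoint but not its key, so it is not flagged; port 443 shares the key but not the name, so it is.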