Is the check of DROWN vulnerability in the API V2 is same as the ssllabs prod site. Because I am getting not vulnerable result in API V2 and vulnerable result in web prod. What could be the reason ?
Do you get a different result running the scan form the UI ? You shouldn't, but may isolate an issue.
The two platforms use different code so it's not the same. For one the code runs on a scanner and shares resources with all other modules and detections so has limitations. For the other a whole server(s) is/are devoted to running the checks and it's the original code from Ivan Ristic.
Probably best to open a support case to investigate the differences.
Retrieving data ...