DROWN vuln possible mislabeling

Question asked by smaug on Jun 25, 2018
Latest reply on Jun 25, 2018 by smaug

 

I have a secure *.example.com host "Host1" which gets an "F" grade because there is another *.example.com host "Host2" which is vulnerable to DROWN (it says Vulnerable (same hostname with SSL v2)). It is not possible to update the "Host2" ATM.

 

But if I'm not mistaken, to be vulnerable to DROWN the "Host1" should've been using the same key as "Host2" (which it doesn't, the "subject's public key" fields of the two *.example.com certificates are different).
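
The key comparison described in the question, as an added example that is not part of the original post: it fingerprints each certificate's SubjectPublicKeyInfo and lists hosts that have SSLv2 off but serve the same public key as an SSLv2-enabled host, which is the key-reuse condition for DROWN. The certificates are constructed, unsigned skeletons with placeholder key bytes, and "Host3" is a hypothetical third host added for contrast.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_sha256(cert_der):
    """SHA-256 of the DER SubjectPublicKeyInfo inside an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)  # Certificate SEQUENCE
    _, pos, end = read_tlv(cert_der, pos)  # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(cert_der, pos)
        fields.append((tag, pos, nxt))
        pos = nxt
    if fields[0][0] == 0xA0:  # skip the optional [0] version field
        fields.pop(0)
    _, start, stop = fields[5]  # after serial, sigAlg, issuer, validity, subject
    return hashlib.sha256(cert_der[start:stop]).hexdigest()

def shares_key_with_sslv2(inventory):
    """Hosts with SSLv2 off whose public key is also served by an SSLv2 host."""
    exposed = {spki_sha256(c) for _, c, v2 in inventory if v2}
    return sorted(h for h, c, v2 in inventory if not v2 and spki_sha256(c) in exposed)

def der(tag, *parts):
    """Minimal DER encoder, used only to build the constructed samples below."""
    body = b"".join(parts)
    nb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + head + body

def sample_cert(serial, key):
    """Constructed, unsigned certificate skeleton; key is placeholder bytes."""
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")), der(0x05))
    spki = der(0x30, alg, der(0x03, b"\x00" + key))
    empty = der(0x30)  # stand-in for sigAlg, issuer, validity, subject
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, bytes([serial])), *([empty] * 4), spki)
    return der(0x30, tbs, empty, der(0x03, b"\x00"))

KEY_A, KEY_B = b"\xaa" * 140, b"\xbb" * 140  # constructed placeholder key bytes
INVENTORY = [  # (host, certificate DER, SSLv2 enabled?)
    ("Host1", sample_cert(1, KEY_A), False),
    ("Host2", sample_cert(2, KEY_B), True),
    ("Host3", sample_cert(3, KEY_B), False),  # hypothetical host reusing Host2's key
]
```

For live hosts, `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))` from the standard library yields the DER input, and the SSLv2 flag comes from scanner results.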
