Information for VU#583776

Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack



Vendor Statement

"Our version comes with a preferred cipher list which has mitigated SSLv2 issues since march 2015, our latest version was released on 2 march 2016 with Openssl 1.0.2g which has the additional fix(es) for VU#583776."

Vendor Information supports NGINX for Windows

Vendor References


There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.