On Wed, Mar 02, 2016 at 09:45:50PM +0000, Matthew Huff wrote: > If your mail server still is advertising SSLv2, you SSL private key may be > vulnerable.
Does DROWN allow an attacker to steal the server’s private key? No. DROWN allows an attacker to decrypt one connection at a time. The attacker does not learn the server’s private key. https://drownattack.com/#question-answer
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
