Re: [mailop] TLS/SSL DROWN attack with respect to email servers

2016-03-03 Thread Petar Bogdanovic
On Wed, Mar 02, 2016 at 09:45:50PM +, Matthew Huff wrote:
> If your mail server still is advertising SSLv2, your SSL private key may be
> vulnerable.

Does DROWN allow an attacker to steal the server’s private key? No. DROWN allows an attacker to decrypt one connection at a time. The attacker

Re: [mailop] TLS/SSL DROWN attack with respect to email servers

2016-03-03 Thread Doug McIntyre
On Thu, Mar 03, 2016 at 11:19:13AM +0100, Johann Klasek wrote:
> On Wed, Mar 02, 2016 at 06:01:33PM -0800, Franck Martin via mailop wrote:
> > On Wed, Mar 2, 2016 at 5:29 PM, Brandon Long wrote:
> >
> > > I thought that POODLE required a specific type of fallback that tended to
> > > be browser s

Re: [mailop] TLS/SSL DROWN attack with respect to email servers

2016-03-03 Thread Johann Klasek
On Wed, Mar 02, 2016 at 06:01:33PM -0800, Franck Martin via mailop wrote:
> On Wed, Mar 2, 2016 at 5:29 PM, Brandon Long wrote:
>
> > I thought that POODLE required a specific type of fallback that tended to
> > be browser specific (ie, prevent a tls connection, forcing the browser to
> > fall ba