MoinQ:

security/DROWNについて、ここに記述してください。

opensslの不良ということで、opensslを入れ替えるのだが、なにをすべきなのか:

https://blog.qualys.com/securitylabs/2016/03/01/drown-abuses-ssl-v2-to-attack-rsa-keys-and-tls

SSL 3 is dead, killed by the POODLE attack https://blog.qualys.com/ssllabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack

https://blog.qualys.com/ssllabs/2013/03/19/rc4-in-tls-is-broken-now-what


説明: https://drownattack.com/

OpenSSL 1.0.2gはインストールしたが。-- ToshinoriMaeno 2016-03-05 00:42:17

https://www.openssl.org/blog/blog/2016/03/01/an-openssl-users-guide-to-drown/

Your secure TLS-only HTTPS server is vulnerable if you expose the same key on an email server that supports SSLv2.