The DROWN attack (SSLv2 supported)
Description
DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) is a cross-protocol attack that exploits the obsolete SSLv2 protocol to compromise modern TLS connections. A server is vulnerable if it supports SSLv2 connections directly, or if its private key is shared with any other server that supports SSLv2—even for different services or protocols. This vulnerability allows attackers to decrypt secure HTTPS traffic and other TLS-protected communications by leveraging weaknesses in SSLv2's cryptographic implementation. The attack affects any service relying on SSL/TLS for encryption, including web servers, email servers, and VPN gateways.
Remediation
Immediately disable SSLv2 protocol support on all servers and services. Follow these steps to remediate:
1. Disable SSLv2 Protocol:
For OpenSSL-based servers such as Apache and Nginx, update the TLS configuration so that SSLv2 is excluded explicitly. For Apache (mod_ssl):
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!SSLv2
For Nginx:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5:!SSLv2;
2. Update OpenSSL:
Ensure OpenSSL is updated to version 1.0.1r, 1.0.2f, or later to address CVE-2015-3197.
3. Audit Private Key Usage:
Identify all servers using the same private keys and ensure none support SSLv2. Consider generating unique key pairs for each service to prevent cross-protocol vulnerabilities.
4. Verify Configuration:
Test your servers with the online checker at https://drownattack.com/ or from the OpenSSL command line:
openssl s_client -connect yourserver.com:443 -ssl2
The connection should fail if SSLv2 is properly disabled.
5. Restart Services:
Restart all affected services after configuration changes to ensure settings take effect.
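The command-line check in step 4 only works on an OpenSSL build that still has the -ssl2 option; SSLv2 support was removed in OpenSSL 1.1.0, so a current client rejects the flag and the result says nothing about the server. The shell script below is an added example, not part of this advisory or of any vendor tool: it audits Apache and Nginx configuration text for the directives in step 1 and classifies the output of the s_client probe in step 4, including the case where the client itself cannot speak SSLv2. Every configuration snippet and s_client transcript in it is constructed, and the output strings it matches on are assumptions about the shape of s_client's text rather than captured output.

```shell
#!/bin/sh
# Added example (not from the original advisory): offline checks for the
# remediation above. The directives audited are the ones quoted in steps 1
# and 4; every config snippet and s_client transcript here is constructed.

# Apache mod_ssl config on stdin. Exit 0 (exposed) if an SSLProtocol line
# still admits SSLv2: it says "all" or "+SSLv2" and does not subtract -SSLv2.
# On an OpenSSL build without SSLv2 the directive is harmless, but the key
# is still at risk if another SSLv2-capable host shares it, so flag it.
apache_sslv2_exposed() {
    grep -iE '^[[:space:]]*SSLProtocol[[:space:]]' \
      | grep -iE '(^|[[:space:]])(all|[+]SSLv2)([[:space:]]|$)' \
      | grep -iv -- '-SSLv2' \
      | grep -q .
}

# Nginx config on stdin. Exit 0 (exposed) if an ssl_protocols line lists SSLv2.
nginx_sslv2_exposed() {
    grep -iE '^[[:space:]]*ssl_protocols[[:space:]].*SSLv2' | grep -q .
}

# Output of "openssl s_client -connect host:port -ssl2" on stdin. Prints:
#   untestable   this OpenSSL build has no -ssl2 (removed in 1.1.0); the
#                result says nothing about the server, test another way
#   accepted     an SSLv2 session with a real cipher was negotiated
#   rejected     the SSLv2 handshake failed (SSLv2 disabled on the server)
#   inconclusive none of the above; read the transcript by hand
# s_client prints an SSL-Session block even on failure, with
# "Protocol : SSLv2" and "Cipher : 0000" (assumed output shape), so the
# protocol line alone proves nothing; the cipher must be non-zero.
classify_sslv2_probe() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qi 'unknown option'; then
        echo untestable
    elif printf '%s\n' "$out" | grep -qiE 'Protocol[[:space:]]*:[[:space:]]*SSLv2' \
      && printf '%s\n' "$out" | grep -iE '^[[:space:]]*Cipher[[:space:]]*:' \
         | grep -qvE ':[[:space:]]*0000'; then
        echo accepted
    elif printf '%s\n' "$out" | grep -qiE 'handshake failure|handshake has read 0 bytes'; then
        echo rejected
    else
        echo inconclusive
    fi
}

# Constructed transcripts in the shape of s_client output (not real captures).
PROBE_ACCEPTED='CONNECTED(00000003)
New, SSLv2, Cipher is DES-CBC3-MD5
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5'
PROBE_REJECTED='CONNECTED(00000003)
SSL routines:SSL2_WRITE:ssl handshake failure
SSL-Session:
    Protocol  : SSLv2
    Cipher    : 0000'
PROBE_UNTESTABLE='s_client: Unknown option: -ssl2'

# Stand-alone demonstration on constructed configuration lines.
for cfg in 'SSLProtocol all -SSLv3' 'SSLProtocol all -SSLv2 -SSLv3' \
           'SSLProtocol +SSLv2 +TLSv1' 'SSLProtocol TLSv1.2 TLSv1.3'; do
    if printf '%s\n' "$cfg" | apache_sslv2_exposed; then
        echo "EXPOSED: $cfg"
    else
        echo "ok:      $cfg"
    fi
done
for cfg in 'ssl_protocols SSLv2 SSLv3 TLSv1;' 'ssl_protocols TLSv1.2 TLSv1.3;'; do
    if printf '%s\n' "$cfg" | nginx_sslv2_exposed; then
        echo "EXPOSED: $cfg"
    else
        echo "ok:      $cfg"
    fi
done
for p in "$PROBE_ACCEPTED" "$PROBE_REJECTED" "$PROBE_UNTESTABLE"; do
    echo "probe result: $(printf '%s\n' "$p" | classify_sslv2_probe)"
done
```

Feed the script real configuration with `apache_sslv2_exposed < /etc/apache2/mods-enabled/ssl.conf` (or the equivalent Nginx file) and pipe the actual `openssl s_client ... -ssl2` output into `classify_sslv2_probe`; a result of `untestable` means the client, not the server, lacks SSLv2, and the server still needs to be checked with a client that has it or with the online checker above.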