Reply to post:

One-third of all HTTPS websites open to DROWN attack

Stephen W Harris

Why is anyone still configured for SSLv2 anyway? Yes, the openssl bug (CVE-2015-3197) that allowed SSLv2 to be used even when disabled means there's still an issue to be patched, but that's not the question.

We know SSLv2 is insecure. It's been on the bad-boy list for many years. So why do people still have it configured?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021