Reply to post:

One-third of all HTTPS websites open to DROWN attack


> We know SSLv2 is insecure. It's been on the bad-boy list for many years. So why do people still have it configured?

I would reckon most of these aren't just web servers where even your local bobby tables web dev can disable SSLv2 in Apache. But appliances, admin interfaces, vCenter servers, iDRACs, NetScalers and who knows what else that have been left exposed by half-wits, never been patched, and never will be patched because support has elapsed and firmware can't be found and etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021