One-third of all HTTPS websites open to DROWN attack

LDS Silver badge

If your SMTP server shares the RSA key with another using TLS only, the attack will work against the TLS one using the SMTP server's SSLv2 flaw. It doesn't matter what protocol the SSLv2 server is using.

You need to ensure the SSLv2 server uses its own RSA key which is not shared with anything else - including IMAP and POP, if they are served by the same host.
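
An added example, not part of the comment above or of the article it replies to: one way to audit for the key sharing the comment describes, by grouping endpoints on the SHA-256 of each certificate's SubjectPublicKeyInfo rather than on the certificate itself, since two different certificates can carry the same RSA key. The skeleton certificates, key bytes, endpoint names and helper names are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

def tlv(tag, body):
    """Encode one DER element, using the long length form when needed."""
    n = len(body)
    ln = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, (0x80 | len(ln)) if ln else n]) + ln + body

def children(der):
    """Yield (tag, raw element, content) for each DER element in a byte string."""
    i = 0
    while i < len(der):
        tag, first = der[i], der[i + 1]
        hdr, length = 2, first
        if first & 0x80:  # long form: low 7 bits give the number of length bytes
            k = first & 0x7F
            hdr, length = 2 + k, int.from_bytes(der[i + 2:i + 2 + k], "big")
        yield tag, der[i:i + hdr + length], der[i + hdr:i + hdr + length]
        i += hdr + length

def spki_sha256(cert_der):
    """Hash SubjectPublicKeyInfo; equal for every certificate carrying the same key."""
    tbs = next(children(next(children(cert_der))[2]))[2]  # Certificate -> tbsCertificate
    fields = [(tag, raw) for tag, raw, _ in children(tbs)]
    idx = 6 if fields[0][0] == 0xA0 else 5  # explicit [0] version is absent in v1 certs
    return hashlib.sha256(fields[idx][1]).hexdigest()

def toy_cert(serial, cn, key):
    """Constructed skeleton certificate: real DER layout, placeholder contents."""
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    spki = seq(seq(), tlv(0x03, b"\x00" + key))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, bytes([serial])), seq(),
              seq(), seq(), seq(tlv(0x0C, cn.encode())), spki)
    return seq(tbs, seq(), tlv(0x03, b"\x00"))

def exposed_by_shared_key(endpoints):
    """Names of all endpoints whose key is also served by an SSLv2-enabled endpoint."""
    groups = defaultdict(list)
    for name, cert, sslv2 in endpoints:
        groups[spki_sha256(cert)].append((name, sslv2))
    return sorted(n for g in groups.values() if any(v for _, v in g) for n, _ in g)

KEY_A, KEY_B = b"\x11" * 140, b"\x22" * 140  # constructed stand-ins for RSA keys
ENDPOINTS = [  # constructed inventory: (endpoint, certificate DER, SSLv2 enabled?)
    ("mail:25 SMTP", toy_cert(2, "mail.example.test", KEY_A), True),
    ("www:443 HTTPS", toy_cert(1, "www.example.test", KEY_A), False),
    ("imap:993 IMAP", toy_cert(3, "imap.example.test", KEY_B), False),
]
```

With this inventory, `exposed_by_shared_key(ENDPOINTS)` reports the TLS-only HTTPS endpoint alongside the SMTP one, because their certificates differ but their keys do not.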

Biting the hand that feeds IT © 1998–2021