Reply to post:

One-third of all HTTPS websites open to DROWN attack

Crazy Operations Guy

If it is only unenecrypted, SMTP, it wouldn't show up on the vulnerability page. It is quite likely also running SMTP/s on port 587 which negotiates the encrypting protocol and would be vulnerable.

The vulnerability scanner is trying to perform an SSLv2 handshake, so that fact that it was able to means that something on that server is vulnerable.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021