Reply to post:

One-third of all HTTPS websites open to DROWN attack

Roland6 Silver badge

The vulnerability scanner is trying to perform an SSLv2 handshake, so that fact that it was able to means that something on that server is vulnerable.

Suspect it doesn't have to be "that server" but could include the load balancer et al used to front your site. Any one know if F5's Big-IP is vulnerable to DROWN?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021