|
|
|
|
|
|
by jwilk
2808 days ago
|
|
|
People also thought that there's no reason to remove SSLv2 from your server, and then the DROWN attack happened: https://drownattack.com/ DROWN shows that merely supporting SSLv2 is a threat to modern servers and clients. It allows an attacker to decrypt modern TLS connections between up-to-date clients and servers by sending probes to a server that supports SSLv2 and uses the same private key. |
|
|