Factsheet Disable SSL 2.0 and upgrade OpenSSL

  • Type: Factsheet
  • Last change: 04-03-2016
  • First publication: 04-03-2016
  • Version: 1.0
  • Status: Active

On 1 March, a group of researchers presented the DROWN attack methods for TLS. An attacker uses DROWN to abuse servers that still support SSL 2.0. Servers that run a vulnerable version of OpenSSL can be abused in the same way, regardless of whether they support SSL 2.0. An attacker who is able to intercept network traffic that is secured with TLS, may attempt to decrypt this traffic using the vulnerable server. This allows him to inspect the traffic.

The NCSC advises to always configure TLS on the basis of the IT security guidelines for Transport Layer Security. Therefore, disable SSL 2.0, install the most recent updates of OpenSSL and prefer cipher suites that provide forward secrecy on all servers.

This factsheet is aimed at IT administrators, information security professionals and IT managers.

Dutch

A Dutch version of this factsheet is available on the Dutch section of this website.

Download

CSAN 2018

Nederland digitaal veilig