Endpoint Vulnerability

SSLv2 doesn't block disabled ciphers


ciphers are nominally disabled, because malicious clients can force the use ofSSLv2 with EXPORT ciphers.OpenSSL 1.0.2g and 1.0.1s deploy the following mitigation against DROWN:SSLv2 is now by default disabled at build-time. Builds that are not configuredwith 'enable-ssl2' will not support SSLv2. Even if 'enable-ssl2' is used,users who want to negotiate SSLv2 via the version-flexible SSLv23_method() willneed to explicitly call either of:as appropriate. Even if either of those is used, or the application explicitlyuses the version-specific SSLv2_method() or its client or server variants,SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed.Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are nolonger available.In addition, weak ciphers in SSLv3 and up are now disabled in default builds ofOpenSSL. Builds that are not configured with 'enable-weak-ssl-ciphers' willnot provide any 'EXPORT' or 'LOW' strength ciphers.OpenSSL 1.0.2 users should upgrade to 1.0.2gOpenSSL 1.0.1 users should upgrade to 1.0.1sThis issue was reported to OpenSSL on December 29th 2015 by Nimrod Aviram andSebastian Schinzel. The fix was developed by Viktor Dukhovni and Matt Caswellof OpenSSL.

Affected Products