OpenSSL Advisory from 2016-03-01

On March 1st, the OpenSSL project released a security advisory with a number of vulnerabilities ranging from low to high severity.

Our support team has received a number of questions about the DROWN (CVE-2016-0800: Cross-protocol attack on TLS using SSLv2) vulnerability and the related CVE-2016-0703 and CVE-2016-0704, so we are addressing it in this blog post.

DROWN requires SSLv2 to be enabled in order to work. A10 has long disable support for SSLv2 in its software so this vulnerability does not affect us.
We will continue to monitor the development and will publish an update if some new information is presented.


March 7, 2016

About A10 PSIRT Team

The A10 SERT Team is A10 Networks' Security Engineering Research Team. READ MORE