[arch-general] Heads up: If you are using SSLv2 turn it off immediately

Nicolas F. archlist at fratti.ch
Thu Mar 3 07:37:06 UTC 2016


On 01/03/16 23:23, P. A. López-Valencia wrote:
> The vulnerability is so bad[1], it doesn't only have a CVE number, 
> CVE-2016-0800[4], but a name and its own website: HTTPS DROWN[1][2][3].

Just as many other vulnerabilities these days, there is a marketing
campaign behind them, probably to sell consultancy services.

Anybody who's security-minded hasn't been using SSLv2 anyway.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20160303/f197e40a/attachment.asc>


More information about the arch-general mailing list