top of page

DROWN Vulnerability with Remediation

  • Jason Trupp
  • Mar 14, 2016
  • 1 min read

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to obtain the private key of a server supporting SSLv2.

Symas encourages users and administrators to review Vulnerability Note VU#583776 and read OpenSSL’s advisory for additional information.

Remediation: Symas OpenLDAP can be protected against DROWN by doing the following:

  1. Ensure you are running Symas OpenLDAP release 2.4.40-1 or later. If you need to upgrade, the latest release, 2.4.43-1, can be downloaded at https://symas.com/downloads

  2. Set TLSProtocolMin to completely disable all protocols below 3.1. To do this, add the following to the global section of your slapd.conf file (slapd restart required): TLSProtocolMin 3.1 Or, if you use cn=config, add: olcTLSProtocolMin: 3.1

For questions or concerns, please contact Symas Support.

Recent Posts

See All
The Achilles Heel of LRU Caches

Ever since we released LMDB, our advice to software designers has been "don't do application level caching. Let the kernel handle it for...

 
 
OpenLDAP & LMDB Sizing Guide

Jan 17, 2022 Introduction Symas OpenLDAP configured with LMDB has been extensively tested and its performance characteristics are well...

 
 
bottom of page