  • Jason Trupp

DROWN Vulnerability with Remediation

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to obtain the private key of a server supporting SSLv2.

Symas encourages users and administrators to review Vulnerability Note VU#583776 and read OpenSSL’s advisory for additional information.

Remediation: Symas OpenLDAP can be protected against DROWN by doing the following:

  1. Ensure you are running Symas OpenLDAP release 2.4.40-1 or later. If you need to upgrade, the latest release, 2.4.43-1, can be downloaded at

  2. Set TLSProtocolMin to completely disable all protocols below 3.1. To do this, add the following to the global section of your slapd.conf file (slapd restart required):

       TLSProtocolMin 3.1

     Or, if you use cn=config, add:

       olcTLSProtocolMin: 3.1
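To confirm that step 2 has been applied, the setting can be checked in either configuration style. The script below is an added example, not Symas code; the function names and sample configurations are constructed for illustration, and when the directive appears more than once it takes the lowest value as a conservative assumption.

```python
import re

# Floor recommended in step 2. slapd reads the value as major.minor
# (2.0 = SSLv2, 3.0 = SSLv3, 3.1 = TLS 1.0).
REQUIRED_MIN = (3, 1)

# Matches the slapd.conf directive and the cn=config attribute, in any case.
# Commented-out lines start with '#', so they never match.
_DIRECTIVE = re.compile(
    r"^\s*(?:olcTLSProtocolMin\s*:|TLSProtocolMin\s)\s*(\d+)(?:\.(\d+))?\s*$",
    re.IGNORECASE,
)

# Constructed sample inputs, not taken from a real deployment.
SAMPLE_SLAPD_CONF = """\
# global section
TLSCertificateFile /path/to/server.crt
TLSProtocolMin 3.1
"""
SAMPLE_CN_CONFIG = """\
dn: cn=config
objectClass: olcGlobal
olcTLSProtocolMin: 3.0
"""


def protocol_floor(config_text):
    """Return the lowest TLSProtocolMin found as (major, minor), or None."""
    found = []
    for line in config_text.splitlines():
        m = _DIRECTIVE.match(line)
        if m:
            # A missing minor part ("3") is treated as ".0".
            found.append((int(m.group(1)), int(m.group(2) or 0)))
    return min(found) if found else None


def audit(config_text):
    """Return (ok, message) for the DROWN remediation setting."""
    floor = protocol_floor(config_text)
    if floor is None:
        return False, "TLSProtocolMin not set; the TLS library default applies"
    if floor < REQUIRED_MIN:
        return False, "TLSProtocolMin %d.%d is below 3.1" % floor
    return True, "TLSProtocolMin %d.%d meets the 3.1 floor" % floor


if __name__ == "__main__":
    for name, text in (("slapd.conf", SAMPLE_SLAPD_CONF), ("cn=config", SAMPLE_CN_CONFIG)):
        print(name, audit(text))
```
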

For questions or concerns, please contact Symas Support.
