Jason Trupp

DROWN Vulnerability with Remediation


Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to obtain the private key of a server supporting SSLv2.

Symas encourages users and administrators to review Vulnerability Note VU#583776 and read OpenSSL’s advisory for additional information.

Remediation: Symas OpenLDAP can be protected against DROWN by doing the following:

  1. Ensure you are running Symas OpenLDAP release 2.4.40-1 or later. If you need to upgrade, the latest release, 2.4.43-1, can be downloaded at https://symas.com/downloads

  2. Set TLSProtocolMin to completely disable all protocols below 3.1. To do this, add the following to the global section of your slapd.conf file (slapd restart required):

       TLSProtocolMin 3.1

     Or, if you use cn=config, add:

       olcTLSProtocolMin: 3.1
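One way to confirm that step 2 took effect, as an added example that is not Symas code: the script reads a slapd.conf (global section only) or an LDIF export of cn=config and reports whether the minimum protocol is at least 3.1, which in OpenLDAP's numbering is TLS 1.0. The function names and the sample configuration are constructed for illustration, and the script assumes that the last value applies when the directive is repeated.

```shell
#!/bin/sh
# Added example (not Symas code): check that TLSProtocolMin is at least 3.1.

# Print the TLSProtocolMin value from the global section of a slapd.conf
# (the lines before the first "backend"/"database" directive), or the
# olcTLSProtocolMin value from a cn=config LDIF. Prints nothing if unset.
slapd_tls_min() {
    awk '
        /^[ \t]*#/ { next }                           # comment line
        /^[ \t]/ || NF == 0 { next }                  # continuation or blank line
        { kw = tolower($1) }                          # keywords are case-insensitive
        kw == "database" || kw == "backend" { exit }  # global section ends here
        kw == "tlsprotocolmin" || kw == "olctlsprotocolmin:" { val = $2 }
        END { if (val != "") print val }              # assumption: last value applies
    ' "$1"
}

# Return 0 if "$1" (major[.minor]) is 3.1 or higher, so SSLv2 and SSLv3 are refused.
tls_min_ok() {
    major=${1%%.*}
    case $1 in *.*) minor=${1#*.} ;; *) minor=0 ;; esac
    case $major in ''|*[!0-9]*) return 1 ;; esac
    case $minor in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 1 ]; }
}

# Report on one configuration file; non-zero exit status means "not remediated".
audit_slapd_conf() {
    min=$(slapd_tls_min "$1")
    if [ -z "$min" ]; then
        echo "FAIL: $1: TLSProtocolMin not set in the global section"; return 1
    elif tls_min_ok "$min"; then
        echo "OK: $1: TLSProtocolMin $min"
    else
        echo "FAIL: $1: TLSProtocolMin $min is below 3.1"; return 1
    fi
}

# Constructed sample slapd.conf (placeholder paths, not a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# global section
TLSCertificateFile /path/to/server-cert.pem
tlsprotocolmin 3.1
database mdb
suffix "dc=example,dc=com"
EOF
audit_slapd_conf "$sample"
rm -f "$sample"
```

A directive that appears only after the first database line is reported as not set, because the advisory requires it in the global section.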

For questions or concerns, please contact Symas Support.
