News Item

The Netherlands - NCSC publishes factsheet Disable SSL 2.0 and upgrade OpenSSL

The Netherlands' National Cyber Security Centre (NCSC) has published a new factsheet with the advice to disable SSL 2.0 and upgrade OpenSSL.

Published on March 03, 2016

On 1 March, a group of researchers presented the DROWN attack methods against TLS. An attacker uses DROWN to abuse servers that still support SSL 2.0. Servers that run a vulnerable version of OpenSSL can be abused in the same way, regardless of whether they support SSL 2.0. An attacker who is able to intercept network traffic that is secured with TLS may attempt to decrypt this traffic using the vulnerable server, which allows the attacker to inspect the traffic.

The NCSC advises always configuring TLS on the basis of the IT security guidelines for Transport Layer Security. Therefore, on all servers, disable SSL 2.0, install the most recent updates of OpenSSL and prefer cipher suites that provide forward secrecy.

This factsheet is aimed at IT administrators, information security professionals and IT managers.

 
Download the factsheet: NCSC Factsheet

For more information: NCSC Announcement

 
