Conference logo

The DROWN Attack - Sebastian Schinzel

33c3 - Security - 12/27/2016

We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack.

Share this talk:
https://c3stream.de/Info?guid=61f9d4c6-a3de-4958-a57c-efcf941668fa