We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack.
about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7821.html
↧
