LibreSSL not affected by DROWN attack

by
from OpenBSD Journal on (#15MMG)
As noted by Bernard Spil, the OpenSSL bugs disclosed on 2016-03-01 have very little impact on LibreSSL, especially on OpenBSD. However, we will briefly mention the two high-profile issues:

LibreSSL (on any platform) is not affected by DROWN. Support for SSLv2 was flensed out quite a while ago.Cachebleed is local-only, and requires a lot effort to get. This is thought to be very difficult to exploit on OpenBSD due to many of the normal mitigations on an OpenBSD system. Other systems without such mitigations may not be so lucky.
External Content
Source RSS or Atom Feed
Feed Location http://undeadly.org/cgi?action=rss
Feed Title OpenBSD Journal
Feed Link http://undeadly.org/
Reply 0 comments