perfsonar-user - [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability

Subject: perfSONAR User Q&A and Other Discussion

  • From: Daniel Doyle
  • To: perfsonar-user
  • Subject: [perfsonar-user] RedHat CVE for SSL "DROWN" vulnerability
  • Date: Wed, 2 Mar 2016 13:18:55 -0500

Hello all,

Red Hat has released a new CVE today for a vulnerability called "DROWN":


Our read of this CVE is that it only impacts the SSLv2 protocol, which has been turned off by default in the toolkit for some time now. If you are running a current instance of the perfSONAR toolkit and have not made changes to the Apache configuration, you should be fine.

If you have made changes to the Apache configuration, you should review the CVE and make sure that you either disable SSLv2 or upgrade the openssl package, and either reboot the machine or restart any processes such as Apache that use OpenSSL to ensure all processes have the updates applied.

Thank you,
The perfSONAR Team
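
The configuration review recommended in the message can be scripted. The following is an added example, not part of the original message or of perfSONAR's own tooling: it evaluates each `SSLProtocol` line the way mod_ssl does and reports the ones that leave SSLv2 enabled. It assumes Apache 2.2-era mod_ssl, where `all` still includes SSLv2, and the sample configuration is constructed.

```python
import re

# Assumption: Apache 2.2-era mod_ssl, where "all" still includes SSLv2.
ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
CANON = {p.lower(): p for p in ALL}

def effective_protocols(directive_args):
    """Evaluate one SSLProtocol argument list left to right:
    '+X' adds, '-X' removes, a bare name replaces the whole set."""
    enabled = set()  # parsing starts from an empty protocol set
    for tok in directive_args.split():
        action = tok[0] if tok[0] in "+-" else ""
        name = tok[1:] if action else tok
        if name.lower() == "all":
            chosen = set(ALL)
        else:
            # Names not in ALL are kept as-is; they cannot be SSLv2.
            chosen = {CANON.get(name.lower(), name)}
        if action == "+":
            enabled |= chosen
        elif action == "-":
            enabled -= chosen
        else:
            enabled = chosen
    return enabled

def audit(config_text):
    """Return (line_number, args) for each active SSLProtocol line that
    leaves SSLv2 enabled. Commented-out lines are not matched."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m and "SSLv2" in effective_protocols(m.group(1)):
            findings.append((n, m.group(1)))
    return findings

# Constructed sample directives, not taken from a real host.
SAMPLE = """\
# constructed sample
SSLProtocol all
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1.2
SSLProtocol TLSv1 +SSLv2
#SSLProtocol all
"""

if __name__ == "__main__":
    for lineno, args in audit(SAMPLE):
        print(f"line {lineno}: SSLv2 enabled by 'SSLProtocol {args}'")
```

To check a real host, pass the text of each Apache configuration file that carries SSL settings to `audit()`. A clean result covers only the configuration side; the openssl package update and service restart described in the message still apply.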




