Subscribe to receive notifications of new posts:

Staying afloat: the DROWN Attack and CloudFlare

03/01/2016

1 min read

CloudFlare customers are automatically protected against the recently disclosed DROWN Attack. We do not have SSLv2 enabled on our servers.

We publish our SSL configuration here so that others can use it. We currently accept TLS 1.0, 1.1 and 1.2.

We are proactively testing our customers' origin web servers to detect vulnerable servers and will be reaching out to any that have a server that is vulnerable to DROWN.

In the interim, ensure that SSLv2 is fully disabled and/or that private keys are not shared with servers that still need to have SSLv2.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
AttacksSSLVulnerabilitiesSecurity

Follow on X

Cloudflare|@cloudflare

Related posts