I use a Listman forum and according to one test, it is vulnerable to Drown.
https://test.drownattack.com/?site=sonic.net
https://test.drownattack.com/?site=sonic.net
Drown vulnerability
General discussions and other topics.
4 posts
Page 1 of 1
More importantly, ovpn.sonic.net is also allowing SSLv2. I actually migrated from beta to production and specifically told the VPN Connect client to use TLS1.2 but it failed as it wanted a lower version. Changing TLS (Default) made it work.
None of our services should be affected since we've already patched all (potentially) affected systems. In most cases our cipher suite selection prevented the attack in the first place.
I'll double check to make sure that our OpenVPN services are not affected but I don't believe they are.
I'll double check to make sure that our OpenVPN services are not affected but I don't believe they are.
Kelsey Cummings
System Architect, Sonic.net, Inc.
System Architect, Sonic.net, Inc.
Thank you, Kelsey. The drownattack site above now gives our list server a green "appears fixed".
4 posts
Page 1 of 1
Who is online
In total there are 0 users online :: 0 registered, 0 hidden and 0 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am
Users browsing this forum: No registered users and 0 guests
Most users ever online was 999 on Mon May 10, 2021 1:02 am
Users browsing this forum: No registered users and 0 guests
