CyberNorris
New Member
March 1, 2016
Question

DROWN vulnerability mitigation?


DROWN vulnerability on SSL/TLS was made public today with good information at https://drownattack.com.

 

I'm looking for info from Fortinet/FortiGuard on how/if FortiWeb does/can mitigate this vulnerability.

 

Comments?

    2 replies

    paradoxum
    New Member
    March 2, 2016

    +1

     

    I'm running several devices with v5 p10 load and wondering if the SSL VPN, web admin or any other functionality is affected by this exploit.

    pcraponi
    New Member
    March 3, 2016

    This vulnerability only affects SSLv2 servers.

     

    To disable this kind of cipher on FortiGate, you can do it in the CLI:

    # config system global
    #   set strong-crypto enable
    # end

    If you have a server behind the FortiGate, you will need to wait, because there is no IPS signature so far.

     

    Regards,

    Paulo Raponi, NSE8

    fortitrolol
    New Member
    March 3, 2016

    When will Fortinet be releasing an updated signature for this? Is it possible to create one?

    Spartacus1988
    New Member
    March 7, 2016

    I am looking for information on this as well. I would like to know whether we can globally disable SSL v2. I can see that our servers are currently vulnerable.

    Will enabling strong crypto via the CLI prevent this?

    Or can we mitigate by enabling SSL inspection?
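
Added example, not part of any post in this thread and not Fortinet code: since the thread ties exposure to servers that still answer SSLv2, this sketch builds an SSLv2 CLIENT-HELLO and classifies the first reply, which is one way to confirm that a listener you administer rejects SSLv2 after a configuration change. The function names and the sample reply bytes are constructed for illustration.

```python
import socket
import struct

# SSLv2 cipher kinds (3 bytes each) offered in the probe hello.
SSLV2_CIPHERS = {
    0x010080: "RC4_128_WITH_MD5",
    0x020080: "RC4_128_EXPORT40_WITH_MD5",
    0x030080: "RC2_128_CBC_WITH_MD5",
    0x040080: "RC2_128_CBC_EXPORT40_WITH_MD5",
    0x060040: "DES_64_CBC_WITH_MD5",
    0x0700C0: "DES_192_EDE3_CBC_WITH_MD5",
}

def build_client_hello(challenge=b"\x00" * 16):
    """SSLv2 CLIENT-HELLO: 2-byte header, type 1, version 0x0002, three lengths."""
    specs = b"".join(c.to_bytes(3, "big") for c in SSLV2_CIPHERS)
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_response(data):
    """Return (got_sslv2_server_hello, detail) for the first bytes a server sent."""
    if len(data) < 3:
        return False, "no reply (refused, closed or timed out)"
    if not data[0] & 0x80:
        return False, "not an SSLv2 record (TLS alert or other protocol)"
    if data[2] != 4 or len(data) < 13:
        return False, "SSLv2 record, type %d, not a complete SERVER-HELLO" % data[2]
    # SERVER-HELLO: hit, cert type, version, cert len, cipher-spec len, conn-id len
    _, _, version, cert_len, spec_len, _ = struct.unpack(">BBHHHH", data[3:13])
    raw = data[13 + cert_len:13 + cert_len + spec_len]
    kinds = [int.from_bytes(raw[i:i + 3], "big") for i in range(0, len(raw) - 2, 3)]
    names = [SSLV2_CIPHERS.get(k, hex(k)) for k in kinds]
    return version == 0x0002, "SERVER-HELLO, ciphers: " + (", ".join(names) or "none")

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you administer and classify its reply."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            data = s.recv(8192)
    except OSError:
        pass
    return classify_response(data)

if __name__ == "__main__":
    # Constructed replies, not captures: a TLS alert and an SSLv2 SERVER-HELLO.
    hello = bytes.fromhex("801e0400010002000000030010020080") + b"\x00" * 16
    print(classify_response(bytes.fromhex("15030100020228")), classify_response(hello))
```

`probe` reads a single `recv`, so the reported cipher list can be truncated when the certificate is large; the verdict itself depends only on the first 13 bytes. An SSLv2 ERROR record (type 0) is reported as `False` with its type in the detail, and still means the listener parsed the SSLv2 hello.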