Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
SSL:AUDIT:SSL-V2-TRAFFIC |
|---|---|
Severity |
Info |
Recommended |
No |
Category |
SSL |
Keywords |
SSLv2 Traffic Identified |
Release Date |
2014/10/20 |
Update Number |
2431 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
SSL: SSLv2 Traffic Identified
This signature detects SSLv2 traffic over the network. It is a legacy protocol and its usage is discouraged.
Extended Description
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
Affected Products
- Openssl openssl 1.0.1
- Openssl openssl 1.0.1a
- Openssl openssl 1.0.1b
- Openssl openssl 1.0.1c
- Openssl openssl 1.0.1d
- Openssl openssl 1.0.1e
- Openssl openssl 1.0.1f
- Openssl openssl 1.0.1g
- Openssl openssl 1.0.1h
- Openssl openssl 1.0.1i
- Openssl openssl 1.0.1j
- Openssl openssl 1.0.1k
- Openssl openssl 1.0.1l
- Openssl openssl 1.0.1m
- Openssl openssl 1.0.1n
- Openssl openssl 1.0.1o
- Openssl openssl 1.0.1p
- Openssl openssl 1.0.1q
- Openssl openssl 1.0.1r
- Openssl openssl 1.0.2
- Openssl openssl 1.0.2a
- Openssl openssl 1.0.2b
- Openssl openssl 1.0.2c
- Openssl openssl 1.0.2d
- Openssl openssl 1.0.2e
- Openssl openssl 1.0.2f
- Pulsesecure client -
- Pulsesecure steel_belted_radius -
References