wolfSSL and CyaSSL are Not Vulnerable to DROWN Attack

The recently-announced DROWN attack allows attackers to decrypt TLS sessions by taking advantage of servers that support SSLv2 and EXPORT cipher suites. SSL 2.0 was the first version of the SSL/TLS protocol standard released, and has been known to be insecure for many years now.

wolfSSL has never supported SSL 2.0 and has never had support for EXPORT grade cipher suites. As such, users of wolfSSL (formerly CyaSSL) are safe from DROWN.

Please contact us at facts@wolfssl.com if you have further concerns or questions.

References:
DROWN Attack
CVE-2016-0800