The SSLv2 DROWN Security Vulnerability

Last updated 2016-08-03 19:36:19 UTC

A web security vulnerability has been discovered called DROWN.

This vulnerability exposes weaknesses in the SSLv2 encryption protocol that could allow attackers to perform "man in the middle" attacks to read encrypted web traffic.

AssureSign has not supported SSLv2 for a number of years, and support for SSLv3 was disabled for all of our web traffic already in October 2014. Therefore, AssureSign is not vulnerable to the DROWN attack.

In addition, AssureSign has already committed to having all of our web traffic served only over TLS 1.2, which requires that TLS versions 1.0 and 1.1 be disabled. These protocols will still be permitted for outbound DocumentTRAK communications, but we strongly advise all of our customers that any web encryption protocol beside TLS 1.2 is now not considered secure.

Please contact if you have any further questions regarding this announcement.

Donald Kratt
Chief Technology Officer