For the second time in as many years, HTTPS encryption has turned out to have a huge flaw. This time, it's called DROWN, and it affects more than 11 million servers that use the open source OpenSSL library. But that doesn't make it another Heartbleed, and it doesn't mean it's time to give up on OpenSSL entirely.
DROWN allows attackers to decrypt data by monitoring SSLv2 handshakes. SSLv2 was deprecated a couple of years ago, so in theory this should not be a huge vulnerability. It turns out, however, that many servers -- up to one third of all websites, according to some reports -- still support SSLv2, making them potentially subject to the DROWN attack. Worse, the attack affects not just HTTPS-encrypted websites, but some email servers, too.
The DROWN vulnerability impacts any encryption software that supports SSLv2. But with the announcement of the threat, most eyes immediately turned to OpenSSL, the open source encryption library that is widely used.
OpenSSL developers had already issued a patch to prevent DROWN attacks as of March 1. Still, the threat naturally gave rise to even more doubts about OpenSSL. It led some observers to question why so many websites keep using it, given the number of serious OpenSSL-related security vulnerabilities that have cropped up in recent years. The most famous of those was Heartbleed, but that was not the only one. Another serious OpenSSL security bug appeared just a few weeks ago.
As cryptographer Matt Green told Ars Technica, for example, "It's amazing to me that we keep finding one or two of these [vulnerabilities] per year for protocols that are this old. This shouldn't keep happening."
In this case, however, it seems unfair to blame OpenSSL, or the open source cryptography community, for the flaw. DROWN is not OpenSSL-specific, and -- unlike Heartbleed -- it does not involve a fundamental cryptography flaw in code deemed safe as much as it stems from poor configurations of servers that rely on software (SSLv2) no longer known to be secure.
Yehuda Lindell, founder of security company Dyadic, perhaps put it best. "This is not another heartbleed in the sense that heartbleed was incredibly easy to exploit," he told The VAR Guy, adding that DROWN "is a very serious attack, but can be prevented quite easily."
In Lindell's view, the real danger is from poorly configured servers, not the developers of encryption software like OpenSSL. "It was recommended to disable SSLv2 (and even SSL v3) already a long time ago," he said. "The fact that so many servers still support it in itself demonstrates a huge problem: the people managing websites and securing them often do not have the know-how or resources to do it properly."
We agree. It's tempting to panic about DROWN as another Heartbleed, and blame the encryption developers. But that's unfair in this case.