Downloads

Blog

Contact Us

How to Mitigate DROWN CVE-2016-0800

March 4, 2016

Author

Share this Post:

This blog post will discuss how to Mitigate DROWN CVE-2016-0800.

Unless you’ve been living in a cave you’ll have heard (or likely to hear about soon) the drown attack. From the Red Hat site:

“A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

Find out more about CVE-2016-0800 from the MITRE CVE dictionary dictionary and NIST NVD.”

The following graphic should help explain the vulnerability:

Mitigate DROWN CVE-2016-0800

In short, disable SSLv2 if you do not need it (similar to the way SSLv3 was disabled due to POODLE).

So how about those services?

MySQL uses TLS1.0 for versions < 5.7.10

MySQL uses a configuration TLS version when using >= 5.7.10
- tls_version

MongoDB uses a configuration variable for the TLS for version when using >= 3.0.7
- net.ssl.disabledProtocols

Please respond in the comments with any questions!

Subscribe

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Resources

RELATED POSTS

Auditing Login Attempts in MySQL and MariaDB

2026 – MySQL Ecosystem Performance Benchmark Report

What Exactly Is the MySQL Ecosystem?

Far
Enough.

Said no pioneer ever.

Get Started

Open source database software from experts who stand with you in production. Forever free from lock-in and other corporate BS.

Connect

© 2026 Percona All Rights Reserved

|

|

|

|

Security Center

MySQL, PostgreSQL, InnoDB, MariaDB, MongoDB and Kubernetes are trademarks for their respective owners.

© 2026 Percona All Rights Reserved