The DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) vulnerability (CVE-2016-0800) does not only affect systems using SSLv2. Servers whose certificate uses the same private key as certificates on other web servers that are accessible via SSLv2 are also at risk.

SSLv2 has been regarded as insufficiently secure for years. Accordingly, SSLv2 has been disabled by default in Cryptshare servers for some time. Customers have the option to customize the SSL configuration of their Cryptshare Server and to enable SSLv2, e.g. in order to provide support for older browsers.

However, servers may be at risk even when SSLv2 is deactivated on the system. If the server is using a certificate with a private key which is also in use on any other server still running SSLv2, the server security may be compromised. This risk is particularly high when using wildcard certificates.
It is therefore strongly recommended to check both criteria for your Cryptshare system and to adjust the SSL configuration of the server accordingly and/or replace the certificate.
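The two criteria can be checked together over a host inventory. The following is an added example, not Cryptshare code: the inventory, its field names and the function `drown_exposure` are assumptions, and the key fingerprints are constructed placeholder values standing for a hash of each certificate's public key.

```python
from collections import defaultdict

# Constructed inventory: hostnames, key fingerprints and SSLv2 flags are sample values.
# "spki" stands for a fingerprint of the certificate's public key (not of the whole
# certificate), so two certificates issued for the same private key compare equal.
INVENTORY = [
    {"host": "transfer.example.com", "spki": "KEY-A", "sslv2": False},
    {"host": "legacy-mail.example.com", "spki": "KEY-A", "sslv2": True},
    {"host": "portal.example.com", "spki": "KEY-B", "sslv2": False},
    {"host": "old-intranet.example.com", "spki": "KEY-C", "sslv2": True},
]


def drown_exposure(inventory):
    """Return {host: (status, other SSLv2 hosts that use the same key)}."""
    # Criterion 2 needs to know, per key, which hosts still offer SSLv2.
    sslv2_hosts_by_key = defaultdict(list)
    for entry in inventory:
        if entry["sslv2"]:
            sslv2_hosts_by_key[entry["spki"]].append(entry["host"])

    report = {}
    for entry in inventory:
        host = entry["host"]
        peers = sorted(
            h for h in sslv2_hosts_by_key.get(entry["spki"], []) if h != host
        )
        if entry["sslv2"]:
            # Criterion 1: the host itself accepts SSLv2.
            report[host] = ("sslv2-enabled", peers)
        elif peers:
            # Criterion 2: SSLv2 is off here, but the key is served via SSLv2 elsewhere.
            report[host] = ("shared-key", peers)
        else:
            report[host] = ("not-exposed", [])
    return report


if __name__ == "__main__":
    for host, (status, peers) in drown_exposure(INVENTORY).items():
        detail = f" (key also on: {', '.join(peers)})" if peers else ""
        print(f"{host}: {status}{detail}")
```

A host reported as `shared-key` is the case described above: either SSLv2 is disabled on every listed peer, or the certificate is replaced with one based on a new private key.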

For a quick check to see if your server is vulnerable to the DROWN attack, we recommend the test provided at Please note that the results presented here are not the results of live tests but represent a snapshot that was created in February 2016.

You can check the current SSL configuration of your server under When running the query, we recommend activating the option not to publish the results on the website of Qualys SSL Labs.