On March 1st 2016, OpenSSL released patches that disable the SSLv2 protocol by default, as well as removing SSLv2 EXPORT ciphers.
A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys of the non-vulnerable server.
This vulnerability is known as DROWN.
The vulnerability is referred by CVE as CVE-2016-0800. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800)
So, please patch your system to prevent this attack if you are not done yet.
Have a good time.
(Be knowledgeable, pass it on then)Type your summary here.
Type the rest of your post here.