March 1, 2016
Today, in conjunction with an OpenSSL Security Advisory, several researchers announced a new attack on HTTPS they are calling “Decrypting RSA with Obsolete and Weakened Encryption,” or DROWN. Because of Fastly’s existing TLS configuration, neither our services nor customers using Fastly as their CDN are vulnerable to this attack.
None. Our existing configuration was not vulnerable to DROWN.
No customer action is required.
Exploiting the DROWN vulnerability relies on the same private key being used by a server that supports SSLv2 in addition to modern protocol versions. Fastly has had SSLv2 and SSLv3 disabled in our edge HTTPS configuration since Oct 2014, supporting only TLS 1.0 and higher. We exclusively deploy the most up-to-date OpenSSL release available. Similarly, we do not support weakened export-grade cipher suites. Private keys generated by or entrusted to Fastly for HTTPS are not used for any other encrypted services (SMTP, etc.), so there is no other server on which they could be exposed to an SSLv2 handshake.
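The condition described above, a server completing an SSLv2 handshake, is something operators can verify for their own endpoints. The following probe is an added example and is not Fastly’s code; it sends one SSLv2 CLIENT-HELLO and parses the reply, using the message and cipher-kind identifiers from the SSLv2 specification, with the host and port supplied by the caller.

```python
import socket
import struct

# SSLv2 handshake message types and the cipher kinds defined by the SSLv2 draft.
SSL2_MT_CLIENT_HELLO = 0x01
SSL2_MT_SERVER_HELLO = 0x04
SSL2_CIPHERS = {
    b"\x01\x00\x80": "RC4_128_WITH_MD5",
    b"\x02\x00\x80": "RC4_128_EXPORT40_WITH_MD5",      # export grade
    b"\x03\x00\x80": "RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "RC2_128_CBC_EXPORT40_WITH_MD5",  # export grade
    b"\x06\x00\x40": "DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "DES_192_EDE3_CBC_WITH_MD5",
}

def build_client_hello(challenge=b"\x00" * 16):
    """Build an SSLv2 CLIENT-HELLO record offering every cipher kind above."""
    specs = b"".join(SSL2_CIPHERS)
    body = struct.pack("!BHHHH", SSL2_MT_CLIENT_HELLO, 0x0002,
                       len(specs), 0, len(challenge)) + specs + challenge
    # Two-byte SSLv2 record header: high bit set, 15-bit length, no padding.
    return struct.pack("!H", 0x8000 | len(body)) + body

def parse_server_hello(record):
    """Return (version, [cipher names]) for an SSLv2 SERVER-HELLO, else None."""
    if len(record) < 2 or not record[0] & 0x80:
        return None  # not an SSLv2 record header (e.g. a TLS alert record)
    length = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:2 + length]
    if len(body) < 11 or body[0] != SSL2_MT_SERVER_HELLO:
        return None  # SSLv2 ERROR message or truncated reply
    _, _, _, version, cert_len, spec_len, _ = struct.unpack("!BBBHHHH", body[:11])
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    names = [SSL2_CIPHERS.get(specs[i:i + 3], specs[i:i + 3].hex())
             for i in range(0, len(specs), 3)]
    return version, names

def probe_sslv2(host, port=443, timeout=5.0):
    """Send one CLIENT-HELLO; return the parsed SERVER-HELLO, or None if SSLv2 is refused."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            data = sock.recv(4096)  # the first record is enough to classify the reply
        except OSError:
            data = b""              # reset, silent close or no answer: not offered
    return parse_server_hello(data)
```

A correctly hardened endpoint, such as one offering only TLS 1.0 and higher, answers with a TLS alert or closes the connection, and `probe_sslv2` returns `None`; any non-`None` result means the key behind that endpoint is exposed to an SSLv2 handshake.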
Attacks focused on exploiting deprecated or weak cryptography that is kept deployed for backwards compatibility remain a challenge for the security community. Fastly is committed to striking a balance that removes unsafe technology quickly while working with our customers and their users on migration.
You can learn more on the DROWN Attack homepage, the authors’ Q&A, and the technical paper. Today’s OpenSSL Security Advisory contains additional detail specific to OpenSSL.