{"guid":"61f9d4c6-a3de-4958-a57c-efcf941668fa","title":"The DROWN Attack","subtitle":"Breaking TLS using SSLv2","slug":"33c3-7821-the_drown_attack","link":"https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7821.html","description":"We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack.","original_language":"eng","persons":["Sebastian Schinzel"],"tags":["Security"],"view_count":2065,"promoted":false,"date":"2016-12-27T14:00:00.000+01:00","release_date":"2016-12-27T01:00:00.000+01:00","updated_at":"2026-02-01T22:15:10.376+01:00","length":3335,"duration":3335,"thumb_url":"https://static.media.ccc.de/media/congress/2016/7821-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2016/7821-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2016/61f9d4c6-a3de-4958-a57c-efcf941668fa-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2016/61f9d4c6-a3de-4958-a57c-efcf941668fa-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/33c3-7821-the_drown_attack","url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_title":"33C3: works for me","conference_url":"https://api.media.ccc.de/public/conferences/33c3","related":[{"event_id":3597,"event_guid":"87092ad2-d3fd-4a37-bb58-1fe71217a06b","weight":30},{"event_id":3598,"event_guid":"f75d0531-ac47-4edd-99bd-9eadd836982a","weight":32},{"event_id":3599,"event_guid":"c54bec28-0cec-4472-9a0f-36be8b626dd7","weight":35},{"event_id":3601,"event_guid":"5a517be2-220b-4eb6-88c3-e7ef08c98ace","weight":47},{"event_id":3603,"event_guid":"798573a8-f544-48f0-abaf-ebc405f03f4a","weight":44},{"event_id":3604,"event_guid":"1275f046-e52e-4b0b-9f5b-7eb2008b2ec4","weight":49},{"event_id":3606,"event_guid":"1aa7a4c5-1a3f-444f-99fb-e9c7b4744794","weight":40},{"event_id":3607,"event_guid":"64c07cb5-ec19-4972-a2c8-96c0e0df83c6","weight":59},{"event_id":3609,"event_guid":"1efa803c-d280-49f0-bd17-8ec8f28e054f","weight":40},{"event_id":3610,"event_guid":"56537f49-c8f0-4d73-bdba-d4d8307fc170","weight":38},{"event_id":3612,"event_guid":"c92203a0-9158-4111-ab52-5dacd0e46c73","weight":44},{"event_id":3615,"event_guid":"74783236-46f4-493c-9574-1b27a44847b7","weight":49},{"event_id":3636,"event_guid":"a1a52c4c-8233-403b-8f04-db981df016c1","weight":33}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"DRAFT_33c3-7821-eng-deu-rus-The_DROWN_Attack.en_DRAFT.srt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2022-01-15T16:52:19.921+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/DRAFT_33c3-7821-eng-deu-rus-The_DROWN_Attack.en_DRAFT.srt","url":"https://api.media.ccc.de/public/recordings/47993","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":296,"length":3335,"mime_type":"video/mp4","language":"eng","filename":"33c3-7821-eng-The_DROWN_Attack.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-27T18:36:34.095+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7821-eng-The_DROWN_Attack.mp4","url":"https://api.media.ccc.de/public/recordings/13537","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":334,"length":3335,"mime_type":"video/mp4","language":"deu","filename":"33c3-7821-deu-The_DROWN_Attack.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-27T18:37:18.554+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7821-deu-The_DROWN_Attack.mp4","url":"https://api.media.ccc.de/public/recordings/13538","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":334,"length":3335,"mime_type":"video/mp4","language":"rus","filename":"33c3-7821-rus-The_DROWN_Attack.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-27T18:38:04.212+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7821-rus-The_DROWN_Attack.mp4","url":"https://api.media.ccc.de/public/recordings/13539","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":526,"length":3335,"mime_type":"video/mp4","language":"eng-deu-rus","filename":"33c3-7821-eng-deu-rus-The_DROWN_Attack_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-27T18:39:25.688+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-hd/33c3-7821-eng-deu-rus-The_DROWN_Attack_hd.mp4","url":"https://api.media.ccc.de/public/recordings/13540","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":196,"length":3335,"mime_type":"video/mp4","language":"eng-deu-rus","filename":"33c3-7821-eng-deu-rus-The_DROWN_Attack_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2016-12-28T10:12:38.333+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/h264-sd/33c3-7821-eng-deu-rus-The_DROWN_Attack_sd.mp4","url":"https://api.media.ccc.de/public/recordings/13674","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":318,"length":3335,"mime_type":"video/webm","language":"eng-deu-rus","filename":"33c3-7821-eng-deu-rus-The_DROWN_Attack_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2016-12-28T10:14:38.148+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/webm-hd/33c3-7821-eng-deu-rus-The_DROWN_Attack_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/13677","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":163,"length":3335,"mime_type":"video/webm","language":"eng-deu-rus","filename":"33c3-7821-eng-deu-rus-The_DROWN_Attack_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2016-12-28T12:46:22.193+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/webm-sd/33c3-7821-eng-deu-rus-The_DROWN_Attack_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/13701","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":50,"length":3322,"mime_type":"audio/mpeg","language":"eng","filename":"33c3-7821-eng-deu-rus-The_DROWN_Attack_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2016-12-28T14:58:09.596+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/mp3/33c3-7821-eng-deu-rus-The_DROWN_Attack_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/13676","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"},{"size":42,"length":3322,"mime_type":"audio/opus","language":"eng","filename":"33c3-7821-eng-deu-rus-The_DROWN_Attack_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2016-12-28T14:58:09.670+01:00","recording_url":"https://cdn.media.ccc.de/congress/2016/opus/33c3-7821-eng-deu-rus-The_DROWN_Attack_opus.opus","url":"https://api.media.ccc.de/public/recordings/13675","event_url":"https://api.media.ccc.de/public/events/61f9d4c6-a3de-4958-a57c-efcf941668fa","conference_url":"https://api.media.ccc.de/public/conferences/33c3"}]}