The Cloudflare Blog

Subscribe to receive notifications of new posts:

Staying afloat: the DROWN Attack and CloudFlare

2016-03-01

John Graham-Cumming

1 min read

CloudFlare customers are automatically protected against the recently disclosed DROWN Attack. We do not have SSLv2 enabled on our servers.

We publish our SSL configuration here so that others can use it. We currently accept TLS 1.0, 1.1 and 1.2.

We are proactively testing our customers' origin web servers to detect vulnerable servers and will be reaching out to any that have a server that is vulnerable to DROWN.

In the interim, ensure that SSLv2 is fully disabled and/or that private keys are not shared with servers that still need to have SSLv2.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Attacks SSL Vulnerabilities Security

Follow on X

Cloudflare|@cloudflare

December 15, 2025 2:00 PM

The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks

We present our 6th annual review of Internet trends and patterns observed across the globe, revealing the disruptions, advances and metrics that defined 2025. ...

David Belson

Year in Review, Radar, Trends, Internet Trends, Internet Traffic, Outage, Internet Quality, Security, AI

December 11, 2025 4:20 PM

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

Early activity indicates that threat actors quickly integrated this vulnerability into their scanning and reconnaissance routines and targeted critical infrastructure including nuclear fuel, uranium and rare earth elements. We outline the tactics they appear to be using and how Cloudflare is protecting customers. ...

Cloudforce One

Vulnerabilities, Threat Intelligence, Research

December 03, 2025 2:20 PM

Cloudflare WAF proactively protects against React vulnerability

Cloudflare offers protection against a new high profile vulnerability for React Server Components: CVE-2025-55182. All WAF customers are automatically protected as long as the WAF is deployed....

Daniele Molteni

Cloudforce One, WAF, Web Application Firewall, Vulnerabilities, CVE, React

November 05, 2025 2:00 PM

How Workers VPC Services connects to your regional private networks from anywhere in the world

Workers VPC Services enter open beta today. We look under the hood to see how Workers VPC connects your globally-deployed Workers to your regional private networks by using Cloudflare's global network, while abstracting cross-cloud networking complexity....

Cloudflare Workers, Workers VPC, Cloudflare Tunnel, Network, Hybrid Cloud, Security, VPC, Private Network