OpenSSL Security Advisory shows us a script to verify a server is not vulnerable to DROWN as described on website.

Reproducer requires Python 2.6 or 3.2 or later, you will also need git to download the sources

Download reproducer:

~$ git clone
~$ cd tlsfuzzer
~$ git checkout ssl2

Download reproducer dependencies

~$ git clone .tlslite-ng
~$ ln -s .tlslite-ng/tlslite tlslite
~$ pushd .tlslite-ng

Go to branch sslv2

~$ git checkout sslv2
~$ popd
~$ git clone .python-ecdsa
~$ ln -s .python-ecdsa/ecdsa ecdsa

Verify that server don’t support SSLv2 at all: First let’s do a tunnel to our Web Server with SSH, and do a curl do ensure that you receive output ;-)

~$ ssh -f -L 4443:localhost:443 -N
~$ curl http://localhost:4443

~$ PYTHONPATH=. python scripts/ \ -h localhost -p 4443

And verify that server don’t support export grade SSLv2 ciphers, use the following command:

~$ PYTHONPATH=. python scripts/ -h localhost -p 4443