FYI for anyone concerned about this latest issue "DROWN" - its only a problem if SSLv2 is enabled. SSLv2 has been broken for a long time, so should be disabled. However, if it is exposed then an attacker can retrieve the private key, and in doing so will be able to also decrypt secure TLS 1.2+ sessions to any server using that private key.
https://www.openssl.org/news/secadv/20160301.txt
