IBM HTTP Server is not affected by the DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability if you are on the latest releases and fixpack levels..
The IBM HTTP Server is not affected by the DROWN: Decrypting RSA with Obsolete and Weakened eNcryption" vulnerability (CVE-2016-0800) if you are on the latest releases and fixpack levels and you have not re-enabled SSLv2.
Please verify that you are on a fix pack level where SSLv2 has been disabled as described in the following publication:
As a reminder SSLv3 has also been removed for the IBM HTTP Server
IBM highly recommends against using SSLv2 or SSLv3 in any other hardware or software offerings as these old versions are no longer suitable to be used given the inherited weakness of these protocols.
04 March 2016: original document published
15 June 2018