Sweet32 - Vulnerability


Recently another vulnerability grabbed my attention, this one related to DES and Triple DES (3DES). Any man in the middle can exploit this vulnerability by capturing a large amount of encrypted data and thereby recovering sensitive plaintext data.

Severity: Medium
CVE Number: CVE-2016-2183


For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com

Remediation: Disable any ciphers starting with DES and 3DES that are supported by any service running on the server, for example:

  • Apache
  • Nginx, etc.
 
Important Point to Remember 1:

Normally, old browsers don't support DES and 3DES ciphers. It is very important to note that in many cases a software update (a back-ported version provided by the operating system vendor) won't be enough to resolve this issue. A software update usually doesn't overwrite manually tweaked configuration files, which means DES/3DES can still be available even if the update disables them by default.

                                                      
Important Point to Remember 2:

On Windows 7/10 systems running RDP (Remote Desktop Protocol), the vulnerable cipher that should be disabled is labeled 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'.

 
Important Point to Remember 3:

If disabling 64-bit block ciphers is not possible, limit the number of requests a client can make in a single TLS session and/or the keep-alive timeout value.
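
The remediation and point 1 above can be checked against the configuration files themselves. The following Python sketch is an added example, not part of the original post: it scans Apache `SSLCipherSuite` and nginx `ssl_ciphers` lines and gives a heuristic verdict on whether DES/3DES is still reachable. The sample config and the verdict names are constructed for illustration; the authoritative check is to expand the cipher string with `openssl ciphers -v` on the server itself.

```python
import re

# Apache mod_ssl and nginx directives that carry an OpenSSL cipher string.
DIRECTIVE = re.compile(r"^\s*(SSLCipherSuite|ssl_ciphers)\s+(.+?);?\s*$", re.I)
# Group keywords that include 3DES on some OpenSSL versions unless it is excluded.
BROAD = {"ALL", "DEFAULT", "HIGH", "MEDIUM"}

def is_des(name):
    """True if a cipher-string token names DES or 3DES (e.g. DES-CBC3-SHA, 3DES)."""
    return bool({"DES", "3DES"} & set(re.split(r"[-+_]", name)))

def classify(cipher_string):
    """Heuristic verdict for one cipher string: enabled / excluded / check / not-listed."""
    tokens = [t for t in re.split(r"[:,\s]+", cipher_string.strip("\"'")) if t]
    kills = {t[1:].upper() for t in tokens if t.startswith("!")}
    adds = [t.lstrip("+").upper() for t in tokens if t[0] not in "!-"]
    # '!' removes a cipher permanently, so a killed name cannot be re-added later.
    live = [n for n in adds if is_des(n) and n not in kills
            and not ("3DES" in kills and ("3DES" in n or "CBC3" in n))]
    if live:
        return "enabled"        # DES/3DES is named explicitly
    if "3DES" in kills:
        return "excluded"       # !3DES present
    if any(n in BROAD for n in adds):
        return "check"          # depends on the OpenSSL build; verify on the host
    return "not-listed"

def audit(config_text):
    """Return (line number, directive, verdict) for every cipher directive found."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            findings.append((lineno, m.group(1), classify(m.group(2))))
    return findings

# Constructed sample: a hand-edited config that a package update would not overwrite.
SAMPLE = """\
# constructed example lines, not from a real server
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA";
ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
"""

if __name__ == "__main__":
    for lineno, directive, verdict in audit(SAMPLE):
        print(f"line {lineno}: {directive}: {verdict}")
```

A "check" verdict means the string relies on a group keyword, so whether 3DES is offered depends on the OpenSSL version installed; adding `!3DES` to the string removes that dependency.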

About Er.Susheel
