Should we be concerned?
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
SWEET32 - CVE-2016-2183
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4152
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: SWEET32 - CVE-2016-2183
No. DES/3DES is the only cipher used in SSL/TLS which has a block size of 64 bits. Ciphers with larger block sizes, such as AES, are immune to the attack. So unless you're using DES or 3DES ciphers with your webserver, you dont need to be concerned. ASL disables DES and 3DES in apache by default, if you are using another webserver check to make sure you have those ciphers disabled.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone