SWEET32 - CVE-2016-2183

Security annoucements of interest to the AtomiCorp community, such as vulnerabilities in third party applications.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

SWEET32 - CVE-2016-2183

Unread post by biggles »

User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: SWEET32 - CVE-2016-2183

Unread post by mikeshinn »

No. DES/3DES is the only cipher used in SSL/TLS which has a block size of 64 bits. Ciphers with larger block sizes, such as AES, are immune to the attack. So unless you're using DES or 3DES ciphers with your webserver, you dont need to be concerned. ASL disables DES and 3DES in apache by default, if you are using another webserver check to make sure you have those ciphers disabled.
Post Reply