Atomicorp

Security for Everyone
https://forums.atomicorp.com/

SWEET32 - CVE-2016-2183

https://forums.atomicorp.com/viewtopic.php?t=8467

Page 1 of 1

SWEET32 - CVE-2016-2183

Posted: Wed Aug 24, 2016 1:00 pm
by biggles
Should we be concerned?

https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Re: SWEET32 - CVE-2016-2183

Posted: Wed Aug 24, 2016 4:29 pm
by mikeshinn
No. DES/3DES is the only cipher used in SSL/TLS which has a block size of 64 bits. Ciphers with larger block sizes, such as AES, are immune to the attack. So unless you're using DES or 3DES ciphers with your webserver, you dont need to be concerned. ASL disables DES and 3DES in apache by default, if you are using another webserver check to make sure you have those ciphers disabled.
All times are UTC-04:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited