The Community Forums


SOLVED Sweet32 (CVE-2016-2183)

Discussion in 'Security' started by grayloon, Nov 1, 2016.

  1. grayloon

    grayloon Well-Known Member

    A recent scan from TrustWave is listing this vulnerability.

    Details: This is a cipher vulnerability, not limited to any specific SSL/TLS software implementation. DES and Triple DES (3DES) block ciphers with a block size of 64 bits have a birthday bound of approximately 4 billion blocks (or 2 to the power of 32, hence the name of this vulnerability). A man-in-the-middle (MitM) attacker, who is able to capture a large amount of encrypted network traffic, can recover sensitive plain text data.

    Remediation: This issue can be avoided by disabling block ciphers of 64 bit length (like DES/3DES) in all the SSL/TLS servers. Exact procedure depends on the actual implementation. Please refer to the documentation of your SSL/TLS server software.

    Can anyone confirm that the Apache SSL Cipher Suite should change from:
    To:
    I wasn't sure if all DES-CBC3 ciphers should be removed or just the last one in the list.
     
    friedmayofan likes this.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The report from Trustwave does suggest removing all DES and 3DES-related ciphers, so your example is correct if that's what they require for compliance. You can read the OpenSSL article about this specific vulnerability on their website at:

    The SWEET32 Issue, CVE-2016-2183 - OpenSSL Blog

    There are some comments under the article regarding Trustwave that you may want to review.

    Thank you.
     
    friedmayofan likes this.
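A check for the cipher-list change discussed in this thread, added here as an example (it is not from either poster or from cPanel): it flags every DES/3DES entry in an Apache SSLCipherSuite string, since the Trustwave remediation calls for all of them to go rather than only the last one, and it scans `openssl ciphers -v` style output to confirm nothing with Enc=3DES or Enc=DES survives after the edit. The cipher string and the output lines are constructed samples, not the poster's actual configuration.

```python
import re

# Constructed sample of an Apache SSLCipherSuite value (not the thread's own string,
# which the post does not reproduce). Two DES-CBC3 entries sit in different positions
# on purpose, so the check shows that all of them are caught, not only the last one.
SAMPLE_SUITE = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:"
                "ECDHE-RSA-DES-CBC3-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")

# Matches the DES / 3DES component of an OpenSSL suite name such as
# ECDHE-RSA-DES-CBC3-SHA or DES-CBC3-SHA, i.e. the 64-bit block ciphers CVE-2016-2183
# concerns. The "(^|-)" guard keeps it from matching inside names like AES.
BLOCK64_RE = re.compile(r"(^|-)(3?DES)(-|$)")


def weak_entries(suite: str) -> list[str]:
    """Colon-separated entries of an SSLCipherSuite string that use DES or 3DES."""
    return [c for c in suite.split(":")
            if c and not c.startswith("!") and BLOCK64_RE.search(c)]


def harden(suite: str) -> str:
    """Drop every DES/3DES entry and append explicit !3DES:!DES exclusions, so that
    an alias such as HIGH or ALL elsewhere in the list cannot re-enable them."""
    kept = [c for c in suite.split(":") if c and not BLOCK64_RE.search(c)]
    for exclusion in ("!3DES", "!DES"):
        if exclusion not in kept:
            kept.append(exclusion)
    return ":".join(kept)


# Constructed lines in the layout printed by `openssl ciphers -v` (not captured from a
# real server). The Enc= column names the bulk cipher, which is what matters here.
SAMPLE_OPENSSL_V = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
"""


def sweet32_exposed(openssl_v_output: str) -> list[str]:
    """Suite names whose Enc= field is DES or 3DES in `openssl ciphers -v` output.
    Run the real command on the hardened string; an empty result means no
    64-bit block cipher is left negotiable."""
    exposed = []
    for line in openssl_v_output.splitlines():
        if re.search(r"\bEnc=3?DES\(", line):
            exposed.append(line.split()[0])
    return exposed


if __name__ == "__main__":
    print("weak entries:", weak_entries(SAMPLE_SUITE))
    print("hardened:", harden(SAMPLE_SUITE))
    print("still exposed:", sweet32_exposed(SAMPLE_OPENSSL_V))
```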