����TV

Today, researchers announced the , which affects the triple-DES cipher. Although the the triple-DES vulnerability as low, they stated “triple-DES should now be considered .” ����TV security experts as well as other security pros recommend disabling any triple-DES cipher on your servers.

The Sweet32 Birthday attack does not affect SSL Certificates; certificates do not need to be renewed, reissued, or reinstalled.

About the Attack

The DES ciphers (and triple-DES) only have a 64-bit block size. This enables an attacker to run JavaScript in a browser and send large amounts of traffic during the same TLS connection, creating a collision. With this collision, the attacker is able to retrieve information from a session cookie.

The triple-DES cipher is supported by a vast majority of HTTPS servers and all major web browsers—around 600 of the .  Fortunately, most browsers opt to use AES rather than triple-DES when making an HTTPS connection.

How to Mitigate the Sweet32 Birthday Attack

To mitigate, follow one of these steps:

• Disable any triple-DES cipher on servers that still support it
• Upgrade old servers that do not support stronger ciphers than DES or RC4

OpenSSL Fix

Because OpenSSL rated the Sweet32 Birthday attack as "Low Severity," they put the fix into their repository. For more information, see the  or the .