0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday attacks - SymmetricDS

ID	Project	Category	View Status	Date Submitted	Last Update

0003291	SymmetricDS	Improvement	public	2017-10-27 15:42	2018-02-14 20:08

Reporter	elong	Assigned To	elong
Priority	normal
Status	closed	Resolution	fixed
Product Version	3.9.0
Target Version	3.9.0	Fixed in Version	3.9.0

Summary	0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday attacks
Description	SymmetricDS is using Jetty and the Java Cryptography Architecture to provide SSL/TLS support. The Triple-DES ciphers have been shown vulnerable to Sweet32 Birthday attacks that analyze lots of traffic to compromise the key. Let's disable these ciphers out of the box.
Additional Information	As a workaround in version 3.8, you can add a Java System property to your setenv and sym_service.conf file: -Dsymmetric.ssl.ignore.ciphers=TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Tags	No tags attached.

SymmetricDS: 3.9 00261195 2017-10-27 11:43:45 admin Details Diff	0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday attacks	Affected Issues 0003291
	mod - symmetric-server/src/main/deploy/bin/setenv	Diff File
	mod - symmetric-server/src/main/deploy/bin/setenv.bat	Diff File
	mod - symmetric-server/src/main/deploy/conf/sym_service.conf	Diff File

Date Modified	Username	Field	Change
2017-10-27 15:42	elong	New Issue
2017-10-27 15:42	elong	Status	new => assigned
2017-10-27 15:42	elong	Assigned To	=> elong
2017-10-27 15:44	elong	Status	assigned => resolved
2017-10-27 15:44	elong	Resolution	open => fixed
2017-10-27 15:44	elong	Fixed in Version	=> 3.9.0
2017-12-15 21:21	mmichalek	Status	resolved => closed
2018-02-14 20:08	admin	Changeset attached	=> SymmetricDS 3.9 00261195