View Issue Details

IDProjectCategoryView StatusLast Update
0003291SymmetricDSImprovementpublic2017-10-27 11:44
ReporterelongAssigned Toelong 
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Product Version3.9.0 
Target Version3.9.0Fixed in Version3.9.0 
Summary0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday attacks
DescriptionSymmetricDS is using Jetty and the Java Cryptography Architecture to provide SSL/TLS support. The Triple-DES ciphers have been shown vulnerable to Sweet32 Birthday attacks that analyze lots of traffic to compromise the key. Let's disable these ciphers out of the box.
Additional InformationAs a workaround in version 3.8, you can add a Java System property to your setenv and sym_service.conf file:

-Dsymmetric.ssl.ignore.ciphers=TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2017-10-27 11:42 elong New Issue
2017-10-27 11:42 elong Status new => assigned
2017-10-27 11:42 elong Assigned To => elong
2017-10-27 11:44 elong Status assigned => resolved
2017-10-27 11:44 elong Resolution open => fixed
2017-10-27 11:44 elong Fixed in Version => 3.9.0