View Issue Details

IDProjectCategoryView StatusLast Update
0003291SymmetricDSImprovementpublic2018-02-14 15:08
ReporterelongAssigned Toelong 
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Product Version3.9.0 
Target Version3.9.0Fixed in Version3.9.0 
Summary0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday attacks
DescriptionSymmetricDS is using Jetty and the Java Cryptography Architecture to provide SSL/TLS support. The Triple-DES ciphers have been shown vulnerable to Sweet32 Birthday attacks that analyze lots of traffic to compromise the key. Let's disable these ciphers out of the box.
Additional InformationAs a workaround in version 3.8, you can add a Java System property to your setenv and sym_service.conf file:

-Dsymmetric.ssl.ignore.ciphers=TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TagsNo tags attached.

Activities

There are no notes attached to this issue.

Related Changesets

SymmetricDS: 3.9 00261195

2017-10-27 11:43:45

admin

Details Diff
0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday
attacks

0003291
mod - symmetric-server/src/main/deploy/bin/setenv Diff File
mod - symmetric-server/src/main/deploy/bin/setenv.bat Diff File
mod - symmetric-server/src/main/deploy/conf/sym_service.conf Diff File

Issue History

Date Modified Username Field Change
2017-10-27 11:42 elong New Issue
2017-10-27 11:42 elong Status new => assigned
2017-10-27 11:42 elong Assigned To => elong
2017-10-27 11:44 elong Status assigned => resolved
2017-10-27 11:44 elong Resolution open => fixed
2017-10-27 11:44 elong Fixed in Version => 3.9.0
2017-12-15 16:21 mmichalek Status resolved => closed
2018-02-14 15:08 admin Changeset attached => SymmetricDS 3.9 00261195