View Issue Details

IDProjectCategoryView StatusLast Update
0003291SymmetricDSImprovementpublic2017-10-27 11:44
ReporterelongAssigned Toelong 
Status resolvedResolutionfixed 
Product Version3.9.0 
Target Version3.9.0Fixed in Version3.9.0 
Summary0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday attacks
DescriptionSymmetricDS is using Jetty and the Java Cryptography Architecture to provide SSL/TLS support. The Triple-DES ciphers have been shown vulnerable to Sweet32 Birthday attacks that analyze lots of traffic to compromise the key. Let's disable these ciphers out of the box.
Additional InformationAs a workaround in version 3.8, you can add a Java System property to your setenv and sym_service.conf file:

TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2017-10-27 11:42 elong New Issue
2017-10-27 11:42 elong Status new => assigned
2017-10-27 11:42 elong Assigned To => elong
2017-10-27 11:44 elong Status assigned => resolved
2017-10-27 11:44 elong Resolution open => fixed
2017-10-27 11:44 elong Fixed in Version => 3.9.0