Explore these pages to discover how DigiCert and its partners are helping organizations establish, manage and extend digital trust to solve real-world problems.
See what our global post-quantum study uncovered about where the world stands in the race to prepare for quantum computing.
Today, researchers announced the Sweet32 Birthday attack, which affects the triple-DES cipher. Although the OpenSSL team rated the triple-DES vulnerability as low, they stated “triple-DES should now be considered as ‘bad’ as RC4.” DigiCert security experts as well as other security pros recommend disabling any triple-DES cipher on your servers.
The Sweet32 Birthday attack does not affect SSL Certificates; certificates do not need to be renewed, reissued, or reinstalled.
The triple-DES cipher is supported by a vast majority of HTTPS servers and all major web browsers—around 600 of the most-visited websites. Fortunately, most browsers opt to use AES rather than triple-DES when making an HTTPS connection.
To mitigate, follow one of these steps: