Today, researchers announced the Sweet32 Birthday attack, which affects the triple-DES cipher. Although the OpenSSL team rated the triple-DES vulnerability as low, they stated that “triple-DES should now be considered as ‘bad’ as RC4.” DigiCert security experts, as well as other security professionals, recommend disabling every triple-DES cipher on your servers.
The Sweet32 Birthday attack does not affect SSL Certificates; certificates do not need to be renewed, reissued, or reinstalled.
DES and triple-DES have only a 64-bit block size. Because of this, an attacker who can run JavaScript in the victim's browser and push a large amount of traffic through the same long-lived TLS connection can expect a block collision to occur, and that collision lets the attacker recover information from a session cookie sent on that connection.
The triple-DES cipher is supported by the vast majority of HTTPS servers and by all major web browsers, and it is negotiated by around 600 of the most-visited websites. Fortunately, most browsers prefer AES over triple-DES when negotiating an HTTPS connection.
To mitigate, follow one of these steps:
Because OpenSSL rated the Sweet32 Birthday attack as “Low Severity,” they put the fix into their repository. For more information, see the Sweet32 issue, the CVE-2016-2183 blog post, or the Sweet32 website.
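As an added worked example (not part of the original post and not DigiCert's own tooling), the Python below shows two things a defender wants when assessing Sweet32: the birthday-bound estimate of how much data one connection must carry before a 64-bit block collision becomes likely (the reason the block size, not the key size, is the problem), and a check that resolves an OpenSSL cipher string the way a server would so that any 64-bit-block suites still enabled can be listed and excluded. The sample cipher strings and the `!3DES`-style exclusions are assumptions about a typical OpenSSL-based server configuration, not text from the post.

```python
import math
import ssl
from typing import List

# OpenSSL cipher-suite names that use a 64-bit block cipher contain one of these
# fragments: DES-CBC3 is triple-DES; IDEA and RC2 are other legacy 64-bit ciphers.
SIXTY_FOUR_BIT_BLOCK_MARKERS = ("DES", "IDEA", "RC2")

# OpenSSL cipher-string aliases that remove every 64-bit block cipher.
# These aliases are standard OpenSSL names; appending them is the assumed fix.
EXCLUDE_64BIT_BLOCK = "!3DES:!DES:!IDEA:!RC2"


def is_64bit_block_cipher(cipher_name: str) -> bool:
    """True if an OpenSSL cipher-suite name uses a 64-bit block cipher."""
    upper = cipher_name.upper()
    return any(marker in upper for marker in SIXTY_FOUR_BIT_BLOCK_MARKERS)


def birthday_bound_bytes(block_bits: int, probability: float = 0.5) -> float:
    """Bytes encrypted under one key before a block collision is expected with
    the given probability.  Birthday paradox: with N = 2**block_bits possible
    blocks, n ~ sqrt(2 * N * ln(1 / (1 - p))) blocks give collision probability p.
    For 64-bit blocks at p = 0.5 this is a few tens of GiB, which a long-lived
    connection can carry; for 128-bit blocks (AES) it is astronomically larger."""
    n_blocks = math.sqrt(2 * (2 ** block_bits) * math.log(1 / (1 - probability)))
    return n_blocks * (block_bits // 8)


def audit_cipher_string(openssl_cipher_string: str) -> List[str]:
    """Resolve an OpenSSL cipher string exactly as a server context would and
    return the enabled suites that use a 64-bit block cipher (empty = clean).
    Raises ssl.SSLError if the string enables no cipher at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(openssl_cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if is_64bit_block_cipher(c["name"])]


def harden_cipher_string(openssl_cipher_string: str) -> str:
    """Return the cipher string with all 64-bit block ciphers excluded."""
    return openssl_cipher_string + ":" + EXCLUDE_64BIT_BLOCK


if __name__ == "__main__":
    gib = birthday_bound_bytes(64) / 2 ** 30
    print(f"64-bit block: collision expected after ~{gib:.1f} GiB on one key")
    print(f"128-bit block: ~{birthday_bound_bytes(128) / 2 ** 30:.3e} GiB")

    # Constructed example of a permissive server cipher string (assumption).
    weak = "ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:AES256-SHA"
    print("64-bit-block suites enabled by weak string:", audit_cipher_string(weak))
    print("after hardening:", audit_cipher_string(harden_cipher_string(weak)))
```

Whether the weak string actually surfaces `DES-CBC3-SHA` depends on the local OpenSSL build (some builds compile out weak ciphers entirely), which is exactly why the audit resolves the string through the library instead of grepping the configuration file; the hardened string yields an empty list on every build.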
© 2023 DigiCert, Inc. All rights reserved.