The obvious way to avoid these attacks is to stop using legacy 64-bit block ciphers. Alternatively, the attack can be mitigated by rekeying the session frequently.
Concretely, we recommend the following measures to prevent our attack:
- Web servers and VPNs should be configured to prefer 128-bit ciphers. According to our scans, about 1.1% of the top 100k web servers from Alexa, and 0.5% of the top 1 million, support AES but prefer to use 3DES.
- Web browsers should offer 3DES as a fallback-only cipher, to avoid using it with servers that support AES but prefer 3DES.
- TLS libraries and applications should limit the length of TLS sessions with a 64-bit cipher. This could be done with TLS renegotiation, or in some cases by closing the connection and starting a new one (i.e. limiting HTTP/1.1 Keep-Alive, SPDY, and HTTP/2 with 3DES ciphersuites).
- OpenVPN users can change the cipher from the default Blowfish to AES, using for instance cipher AES-128-CBC on the client and server configuration. If they don't control the server configuration, they can mitigate the attack by forcing frequent rekeying with
The vulnerability CVE-2016-2183 concerns a way to compromise the Triple-DES cipher. This cipher is enabled by default in BSA and BDSSA because it is one of the FIPS 140-2 approved algorithms.
Successfully carrying out the TLS variant of the Sweet32 attack requires a very particular set of capabilities on the part of the attacker.
Given the list of requirements and the fact that BSA and BDSSA are not hosted in the public domain (they run on a trusted network), we rate it as low severity, with no immediate action required.
However, customers who still want to disable the cipher to satisfy their internal security policies can disable Triple DES (3DES) in the BSA Appserver and in BDSSA as described below.
How to disable Triple DES (3DES) cipher in BSA Appserver and BDSSA?
The Triple DES (3DES) cipher can be disabled in appserver-options.properties of each Appserver deployment using the steps given below (in version 8.6 and above).
Configuration file change in BSA AppServer
Set the values of the parameters EnabledCipherSuites and EnabledCipherSuitesForWebservices in appserver-options.properties of each Appserver deployment as seen below. Essentially, remove the cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA (the one with 3DES in its name).
Configuration file changes in BDSSA
In the file /opt/bmc/BDSSA//tomcat/conf/server.xml, add or modify the following attribute in the <Connector> tag. Essentially, remove the cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA (the one with 3DES in its name).
Change the files httpd-ssl.conf and httpd-ssl.conf.tmpl located at /opt/bmc/BDSSA/webserver/conf/extra, so that the value of the parameter SSLCipherSuite is as seen in the code block below. Essentially, remove the cipher DES-CBC3-SHA (the one with DES in its name).
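The edits described above for appserver-options.properties and httpd-ssl.conf can be scripted. The following is an added example, not BMC's code or configuration; it goes slightly beyond 3DES and drops every explicitly listed suite whose name marks a 64-bit block cipher. It assumes comma-separated JSSE names in the properties file and colon-separated OpenSSL names in SSLCipherSuite; the sample inputs, including SomeOtherOption, are constructed.

```python
import re

# Name tokens marking a 64-bit block cipher (the class Sweet32 affects).
WEAK_TOKENS = {"3DES", "DES", "DES40", "IDEA", "RC2", "BF"}
LINE = re.compile(r"^(\s*(?:EnabledCipherSuites(?:ForWebservices)?\s*=\s*"
                  r"|SSLCipherSuite\s+))(.*\S)\s*$")

def is_64bit_block(suite):
    """True if a JSSE- or OpenSSL-style suite name uses a 64-bit block cipher."""
    if suite[:1] in ("!", "-", "+"):  # OpenSSL operator entry such as !aNULL
        return False
    return any(tok in WEAK_TOKENS for tok in re.split(r"[_-]", suite.upper()))

def strip_weak(value, sep):
    """Return (cleaned list, removed suites); refuse to leave no enabled suite."""
    suites = [s.strip() for s in value.split(sep) if s.strip()]
    removed = [s for s in suites if is_64bit_block(s)]
    kept = [s for s in suites if not is_64bit_block(s)]
    if removed and all(s[:1] in ("!", "-", "+") for s in kept):
        raise ValueError("only 64-bit suites were enabled; add an AES suite first")
    return sep.join(kept), removed

def harden(text):
    """Rewrite cipher-list lines in config text; all other lines pass through."""
    out, removed = [], []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # Assumed separators: ':' for httpd (OpenSSL), ',' for the properties file.
            sep = ":" if "SSLCipherSuite" in m.group(1) else ","
            cleaned, dropped = strip_weak(m.group(2), sep)
            removed += dropped
            line = m.group(1) + cleaned
        out.append(line)
    return "\n".join(out), removed

# Constructed sample inputs, not the product's shipped defaults.
SAMPLE_PROPS = """EnabledCipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
EnabledCipherSuitesForWebservices=SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
SomeOtherOption=1"""
SAMPLE_HTTPD = "SSLCipherSuite AES128-SHA:DES-CBC3-SHA:!aNULL:!MD5"

if __name__ == "__main__":
    for sample in (SAMPLE_PROPS, SAMPLE_HTTPD):
        print(harden(sample))
```

OpenSSL group keywords such as HIGH are not expanded, so only suites named explicitly are caught.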