[ The openssl-security is for reporting security issues in OpenSSL.
  Answer redirected to openssl-users. ]

> On Mar 12, 2017, at 3:55 PM, Oren Rosenmann <rozenman@xxxxxxxxxxx> wrote:
>
> As part of our software, we use OpenSSL 1.0.2 stream.
> Due to Sweet32 attacks, security scanners are suggesting
> upgrade to 1.1.0, despite the fact that we actually
> disable 3DES ciphers in configuration.

If you explicitly disable 3DES (in TLS) then you're not vulnerable to
Sweet32, and security scanners should not be reporting Sweet32 exposure.

> I wanted to ask if the same change done in 1.1.0 is
> also planned sometime for 1.0.2 stream (i.e. disable
> by default, not just change from High to Medium)?

No. That's too big a change for a stable release, and the Sweet32
issue is not a practical issue for most users. It is a reason to
walk not run away from 3DES.

> https://www.openssl.org/blog/blog/2016/08/24/sweet32/
>
> Also, is the change affecting only ciphers used for
> communication? If we use DES to encrypt internal
> data, is it also being blocked?

Sweet32 is an attack on TLS in browsers, where attackers are able to
inject known-plaintext traffic. It is not relevant to encryption of
data at rest. That said, do migrate from 3DES to AES.

The deprecation of ciphersuites from TLS does not affect the
availability of the underlying cryptographic functions. The 3DES
algorithm is still available in OpenSSL 1.1.0.

You can still use 3DES with CMS, or "openssl enc", but don't forget
that "openssl enc" does not include integrity protection, so use CMS,
or arrange for some sort of MAC on the underlying data or the output
of "enc". For large data streams, you'll probably want to generate
a "chunked" encoding with a MAC over every chunk.

-- 
	Viktor.
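
The "MAC over every chunk" arrangement suggested in the reply above, sketched as an added example that is not part of the original message and is not OpenSSL code. It treats the output of "openssl enc" as opaque bytes; the function names, the 13-byte header layout, HMAC-SHA256 and the use of a fresh MAC key per stream (separate from the encryption key) are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                  # HMAC-SHA256 tag size
HDR = struct.Struct(">QBI")   # chunk index, final flag, body length (13 bytes)

def seal_chunks(mac_key, ciphertext, chunk_size=4096):
    """Frame ciphertext as header || body || tag records.

    Assumption: mac_key is unique to this stream and independent of the
    encryption key, so chunks cannot be spliced in from another stream.
    """
    count = max(1, -(-len(ciphertext) // chunk_size))  # ceil, at least 1
    out = bytearray()
    for i in range(count):
        body = ciphertext[i * chunk_size:(i + 1) * chunk_size]
        hdr = HDR.pack(i, int(i == count - 1), len(body))
        out += hdr + body + hmac.new(mac_key, hdr + body, hashlib.sha256).digest()
    return bytes(out)

def open_chunks(mac_key, framed):
    """Return the ciphertext, or raise ValueError if any chunk was
    modified, reordered, dropped or appended."""
    out, pos, expect, done = bytearray(), 0, 0, False
    while pos < len(framed):
        if done or len(framed) - pos < HDR.size + TAG_LEN:
            raise ValueError("trailing or truncated data")
        idx, final, length = HDR.unpack_from(framed, pos)
        end = pos + HDR.size + length
        if end + TAG_LEN > len(framed):
            raise ValueError("truncated chunk")
        tag = hmac.new(mac_key, framed[pos:end], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, framed[end:end + TAG_LEN]):
            raise ValueError("bad MAC")
        if idx != expect:  # header is authenticated, so this means reordering
            raise ValueError("chunk out of order")
        out += framed[pos + HDR.size:end]
        expect, done, pos = expect + 1, bool(final), end + TAG_LEN
    if not done:
        raise ValueError("stream truncated: no final chunk")
    return bytes(out)

if __name__ == "__main__":
    sample = bytes(range(256)) * 40   # constructed stand-in for "enc" output
    framed = seal_chunks(b"k" * 32, sample)
    print(len(framed), open_chunks(b"k" * 32, framed) == sample)
```

Because the chunk index and final flag are covered by each tag, a reader can verify and release one chunk at a time and still detect truncation at the end of the stream.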