Sweet32 Attack - Apache


Sweet32 affects TLS ciphers that use a 64-bit block size; OpenSSL now considers Triple DES as weak as RC4. The DES ciphers (and triple-DES) only have a 64-bit block size, so an attacker who can run JavaScript in the victim's browser can send large amounts of traffic over the same long-lived TLS connection until a block collision occurs. With this collision, the attacker is able to retrieve information from a session cookie.

Disabling the 3DES cipher in Apache is straightforward; just follow the steps below.


To mitigate, take one of these steps:

  • Disable any triple-DES cipher on servers that still support it.
  • Upgrade old servers that do not support stronger ciphers than DES or RC4.


First locate the SSLCipherSuite directive in the Apache SSL configuration (the grep is case-insensitive because the directive name may appear in mixed case):

[root@hostname ~]# grep -i sslciphersuite /etc/httpd/conf.d/ssl.conf
SSLCipherSuite ...

Then open the file and edit that directive so that the DES and triple-DES cipher families are no longer offered:

vim /etc/httpd/conf.d/ssl.conf
...
SSLCipherSuite ...


Restart the web server for the change to take effect.
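The check-and-edit procedure above, as an added example that is not part of the original post: a small POSIX shell script that finds the SSLCipherSuite value in an Apache configuration, reports whether it explicitly excludes the 3DES and DES cipher families, and rewrites the directive to exclude them. The configuration fragment and the function names are constructed for the demonstration; the post does not show the author's actual cipher string, and the exclusion syntax (!3DES, !DES) is OpenSSL's cipher-list notation, which Apache's mod_ssl passes through.

```shell
#!/bin/sh
# Added example (not from the original post): inspect an Apache SSLCipherSuite
# directive for the DES/3DES families and rewrite it to exclude them.
# The configuration text below is constructed for the demo; on a RHEL-style
# host the real file is /etc/httpd/conf.d/ssl.conf as the post notes.

# Constructed weak fragment: a HIGH:MEDIUM list does not by itself rule out
# DES-CBC3-SHA on older OpenSSL builds, so 3DES can still be negotiated.
WEAK_CONF='SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5'

# ciphersuite_value CONF -> prints the value of the SSLCipherSuite directive
# (matched case-insensitively, like the post's "grep -i"); empty if absent.
ciphersuite_value() {
    printf '%s\n' "$1" | awk 'tolower($1) == "sslciphersuite" { print $2; exit }'
}

# excludes_3des CONF -> returns 0 when the directive explicitly removes both
# the 3DES and the DES family with "!" (a "!" exclusion cannot be re-enabled
# later in the list), 1 otherwise. This is a static check: it does not expand
# group names such as HIGH or MEDIUM, so it is deliberately conservative.
excludes_3des() {
    value=$(ciphersuite_value "$1")
    case "$value" in
        *'!3DES'*) ;;
        *) return 1 ;;
    esac
    case "$value" in
        *'!DES'*) return 0 ;;
        *) return 1 ;;
    esac
}

# harden_ciphersuite CONF -> prints CONF with ":!3DES:!DES" appended to the
# SSLCipherSuite value. Appending is sufficient because "!" exclusions apply
# to the whole list regardless of their position in it.
harden_ciphersuite() {
    printf '%s\n' "$1" | awk 'tolower($1) == "sslciphersuite" { $2 = $2 ":!3DES:!DES" } { print }'
}

# Demo: show the weak directive, its verdict, and the hardened rewrite.
STRONG_CONF=$(harden_ciphersuite "$WEAK_CONF")

printf 'before: SSLCipherSuite %s\n' "$(ciphersuite_value "$WEAK_CONF")"
if excludes_3des "$WEAK_CONF"; then
    echo "before: 3DES/DES explicitly excluded"
else
    echo "before: 3DES/DES NOT explicitly excluded (Sweet32 exposure possible)"
fi

printf 'after:  SSLCipherSuite %s\n' "$(ciphersuite_value "$STRONG_CONF")"
if excludes_3des "$STRONG_CONF"; then
    echo "after:  3DES/DES explicitly excluded"
fi

# Authoritative runtime check (needs the openssl CLI, so not run here):
# expand the final list and confirm no DES-based suite remains in the output.
#   openssl ciphers -v "$(ciphersuite_value "$STRONG_CONF")" | grep -i DES
```

To apply this to a live host, feed the real file to the functions (for example `harden_ciphersuite "$(cat /etc/httpd/conf.d/ssl.conf)"`), review the rewritten directive, write it back, and then restart Apache as the post describes; the commented `openssl ciphers -v` line is the check that proves no 3DES suite survives on that host's OpenSSL version.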