SWEET32 Birthday attack: How to fix TLS vulnerability (CVE-2016-2183) in OpenSSL, Apache, Nginx and IIS in RedHat, CentOS, Ubuntu, Debian, OpenSUSE and Windows

Over 80% of websites on the internet are vulnerable to hacks and attacks. In our role as hosting support engineers for web hosts, we perform periodic security scans and updates on servers to protect them from hacks.

A recent bug that affects servers is the SWEET32 vulnerability. Because it exploits a weak cipher, ‘3DES-CBC’, in TLS encryption, this bug has caused many server owners to panic about their data security.

If you see that your website is failing security scans with this message, that means your server is vulnerable to SWEET32 attacks.

“SSL/TLS server supports short block sizes (SWEET32 attack)”

What is SWEET32 Birthday Attack?

By default, servers have ‘3DES-CBC’ cipher enabled in TLS. This makes HTTPS connections in those servers vulnerable to this SWEET32 bug.

Hackers can then easily decrypt your valuable data using a method called Birthday Attack. Here’s how it works:

The web server encrypts data using cryptographic keys. These keys are chosen randomly, and the probability of any two customers getting the same key is very low.

By misusing the SWEET32 vulnerability, an attacker can send in a large volume of dummy data and get blocks of ciphertext that match those of a customer.

To break it down:

  1. The attacker sniffs all data sent to your customer.
  2. The attacker sends dummy data to your server until a key used for a customer matches the attacker’s session key.
  3. Once there’s a match, sensitive data can be decrypted by determining how the key was chosen.

 

Are your servers vulnerable to SWEET32 attack?

OpenSSL uses the vulnerable ‘Triple-DES’ ciphers for encrypting the data. So if your web servers, such as Apache or Nginx, use OpenSSL with the vulnerable ‘Triple-DES’ cipher support, they are susceptible to attack.

If your servers are running OpenSSL versions prior to 1.0.1, which cannot support strong ciphers, they are already vulnerable to many other attacks too, such as the CCS Injection vulnerability.

The first thing we do is check the OpenSSL version on the server:

root@host ~ $ openssl version
OpenSSL 1.0.1f 6 Jan 2014

To examine the ciphers that are enabled in OpenSSL on the server, we use the ‘nmap’ command. The string ‘3DES’ indicates cipher suites that use Triple DES encryption. These are the ones we disable for server security.
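As an added example (not from the original article), the following parses the output of nmap's `ssl-enum-ciphers` script and lists, per protocol, every 3DES suite a server still offers. The sample scan is constructed rather than captured from a real server, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `nmap --script ssl-enum-ciphers -p 443 <host>` output
# (written for this example, not captured from a real server).
sample_scan() {
cat <<'EOF'
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: C
EOF
}

# Read ssl-enum-ciphers output on stdin and print "<protocol> <suite>" for
# every offered suite whose name contains 3DES.
list_3des_suites() {
  awk '
    # Protocol header, e.g. "|   TLSv1.2:"
    $2 ~ /^(SSLv[0-9]|TLSv[0-9]\.[0-9]):$/ { proto = $2; sub(/:$/, "", proto); next }
    # Suite line, e.g. "|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C"
    $2 ~ /^(TLS|SSL)_/ && $2 ~ /3DES/ { print proto, $2 }
  '
}

# Return 0 when no 3DES suite is offered; otherwise print the offenders and
# return 1, so the check can gate a cron job or a post-change verification.
check_no_3des() {
  found=$(list_3des_suites)
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

sample_scan | check_no_3des || echo "3DES is still offered on the protocols above"
```

Against a live server, pipe the real scan output into `check_no_3des` before and after changing the cipher configuration to confirm the 3DES suites are gone on every protocol version.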




20 Comments

  1. I made the regedit change to stop the IIS attack, then rescanned the server with Trustwave and it is still coming up as vulnerable. Any suggestions?

    Reply
    • Tim,

      The registry edits and restricting the ciphers can vary with the Windows version you’re running in your server. Please feel free to contact our 24/7 support team here – https://bobcares.com/contact-us/ – for further assistance.

      Reply
  2. You need to add the registry dword ‘Enabled’ and set it to 0. So the full path for disabling in IIS is
    “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168”

    new dword Enabled = 0

    Reply
    • Hi,

      The cipher setting varies with the Windows version in the server. In earlier versions, if you do not configure the Enabled value, the default is enabled. This setting is to disable that Triple DES cipher. If it is not enabled, then no need to worry.

      Reply
  3. I use Plesk 12.5 and have already used their recommendations for PCI compliance, which include updating the cipher text as you mentioned. However, their cipher text is much longer than the one that you have suggested, “EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES”. I am hesitant to change this for your much shorter cipher text. I found that merely adding “:!3DES” to the end of my cipher text removed all of the 3DES ciphers. This seems sufficient, but I thought I would get your thoughts on the matter.

    Reply
    • Jason,

      Since SWEET32 is based on a 3DES vulnerability, the key intention behind this article is to show how to avoid using that cipher in your servers. AES is considered a strong cipher as of now and it comes in 128 and 256 bit combinations. You can enable as many strong ciphers as you would like your server to support.

      Reply
  4. Making this registry change to remediate the vulnerability breaks RDP. No more remote desktop when applied!
    “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168”
    new dword Enabled = 0

    Reply
    • Bruno,

      You may have to update RDP packages to support the latest versions of TLS. Please feel free to contact our 24/7 support team here – https://bobcares.com/contact-us/ – for further assistance.

      Reply
  5. Hey, Bob. Just wanted to say that this information helped me pass my TrustKeeper compliance test. Good stuff!

    Reply
    • Thank you, happy to know that 🙂

      Reply
  6. I have 3 servers that are currently affected:
    – Windows Server 2012R2
    – Windows Server 2008R2
    – Windows Server 2008

    After editing the registry changes, do I need to reboot the servers for the changes to take effect?

    Reply
    • Server restart is not required for the cipher key changes to come into effect, but may be required for protocol key changes. However, as mentioned, you need to be very careful while editing the registry. Please feel free to contact our 24/7 support team here – https://bobcares.com/contact-us/ – for further assistance.

      Reply
      • I have encountered an issue. I have a Windows Server 2008R2 server that has been detected with this Sweet32 vulnerability.

        The following is the registry configuration.

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
        "Enabled"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
        "Enabled"=dword:00000000

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
        "Enabled"=dword:00000000

        So for this scenario, how will I be able to disable the 3DES cipher? Kindly advise.

        Reply
        • Hi,

          To disable the 128-bit weak cipher, edit the value in ‘SCHANNEL\Ciphers\RC4 128/128 subkey’ and change the DWORD value data to 0x0. Repeat this for all such entries related to weak ciphers.

          Reply
          • But isn’t that for disabling the RC4 cipher suite?

            And these 3 are already disabled.

            What I mean is I am unable to find the registry key below on W2K8 and W2K8R2 servers.

            \SCHANNEL\Ciphers\Triple DES 168

            How could I resolve this issue?

          • Hi,

            For keys that are not being listed, you may have to manually add the cipher keys and disable them, as the default value is ‘Enabled’. Please feel free to contact our 24/7 support team here – https://bobcares.com/contact-us/ – for any further assistance.

  7. Planning on making this change, but would like to know if it will break Microsoft Exchange Server / mail flow?

    Reply
    • Jake,

      It would depend on the Exchange server you’re running. SMTP support for TLS 1.1 and 1.2 was added in Exchange Server 2013 CU8 and Exchange Server 2010 SP3 RU9. So, if you update the ciphers and TLS versions, you may need to apply an update for the SMTP service or else mails may stop working.

      Please feel free to contact our 24/7 support team here – https://bobcares.com/contact-us/ – for a detailed investigation and further assistance.

      Reply
  8. Dear Team,

    We are using RHEL5 and want to get rid of the Sweet32 vulnerability, for which we are trying to upgrade the openssl package from 1.0.1u to 1.1.0f. But we are facing a lot of issues. Could you please suggest an alternative?

    Reply


Bobcares
Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.