CVE-2016-2183: openssl: Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32)
This document (7017985) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 12 GA LTSS (SLES 12 GA LTSS)
SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 11 Service Pack 3 LTSS (SLES 11 SP3 LTSS)
SUSE Linux Enterprise Server 11 Service Pack 2 LTSS (SLES 11 SP2 LTSS)
Situation
The vulnerability is codenamed SWEET32 and was published at https://sweet32.info
The amount of traffic needed to break such a 64-bit cipher is high (three-digit GB range), and the traffic has to be sniffable by a local attacker, so the severity of this vulnerability has been marked as "moderate".
Resolution
SUSE will release OpenSSL updates that will move the 3DES ciphers from the "HIGH" security list to the "MEDIUM" security list. This will benefit services that use the "HIGH" SSL cipher string keyword to only allow secure ciphers.
Cause
Triple-DES and Blowfish are examples of block ciphers that provide only 64 bits of safety.
The SWEET32 attack has several preconditions that make the attack unlikely:
- Several gigabytes of data need to be generated and also sniffed, and plain text patterns have to be present
- The attacker has to rely on weak 64-bit block ciphers being used for the communication
SSL / TLS mitigation
For SSL/TLS usage, all SUSE products by default use stronger block ciphers (AES) which provide either 128 or 256 bit block sizes.
All TLS connections will use the best ciphers available and are then not affected by this vulnerability.
In particular, OpenSSL 1.0.1 on SUSE Linux Enterprise Server 12 uses a cipher list sorted by strength.
The Triple-DES cipher is currently listed only as a fallback cipher for very old servers and should be disabled. To do so, add "!3DES" at the end of the standard OpenSSL cipher string configuration, e.g. in the Apache2 "SSLCipherSuite" directive.
OpenVPN mitigation
OpenVPN uses the Blowfish cipher by default. This should be changed in the configuration file by using the "cipher" keyword.
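Added example (not part of the SUSE article and not SUSE code): a small Python audit that flags Apache SSLCipherSuite directives without an explicit "!3DES" and OpenVPN configurations that leave the cipher at its default or name a 64-bit block cipher. The function names, the list of 64-bit cipher prefixes and the sample configurations are assumptions constructed for illustration; a cipher string that omits 3DES by other means is still flagged for review.

```python
import re

# 64-bit block cipher name prefixes as used by OpenVPN/OpenSSL (list assumed here).
WEAK_PREFIX = re.compile(r"^(BF|DES|DESX|CAST5|RC2|IDEA)-", re.I)

def audit_apache(text):
    """Return (line_no, cipher_string) for each SSLCipherSuite lacking '!3DES'."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = re.match(r"SSLCipherSuite\s+(.+)$", line.split("#", 1)[0].strip(), re.I)
        if not m:
            continue
        spec = m.group(1).strip().strip('"')
        # OpenSSL cipher strings separate entries with ':', ',' or spaces.
        if "!3DES" not in re.split(r"[:, ]+", spec):
            findings.append((no, spec))
    return findings

def audit_openvpn(text):
    """Return a finding string, or None when a non-64-bit cipher is set."""
    cipher = None
    for line in text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()  # drop comments
        if len(words) >= 2 and words[0] == "cipher":
            cipher = words[1]  # keep the last 'cipher' directive seen
    if cipher is None:
        return "no 'cipher' directive: the Blowfish default applies"
    if WEAK_PREFIX.match(cipher):
        return "64-bit block cipher configured: " + cipher
    return None

# Constructed sample configurations (not taken from any real host).
APACHE_SAMPLE = """\
<VirtualHost *:443>
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
  SSLCipherSuite "HIGH:!aNULL:!3DES"
</VirtualHost>
"""
OPENVPN_DEFAULT = "dev tun\nproto udp\n"
OPENVPN_BLOWFISH = "dev tun\ncipher BF-CBC\n"
OPENVPN_AES = "dev tun\ncipher AES-256-CBC  # constructed\n"

if __name__ == "__main__":
    for no, spec in audit_apache(APACHE_SAMPLE):
        print(f"apache line {no}: add !3DES to {spec}")
    for name, conf in [("default", OPENVPN_DEFAULT), ("bf", OPENVPN_BLOWFISH),
                       ("aes", OPENVPN_AES)]:
        print(f"openvpn {name}: {audit_openvpn(conf) or 'ok'}")
```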
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7017985
- Creation Date: 25-Aug-2016
- Modified Date: 03-Mar-2020
- SUSE Linux Enterprise Server
- SUSE Linux Enterprise Server for SAP Applications