SUSE Support

Here When You Need Us

CVE-2016-2183: openssl: Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32)

This document (7017985) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 GA LTSS (SLES 12 GA LTSS)

SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 11 Service Pack 3 LTSS (SLES 11 SP3 LTSS)
SUSE Linux Enterprise Server 11 Service Pack 2 LTSS (SLES 11 SP2 LTSS)

Situation

On the 24th of August 2016 a new security vulnerability against 64Bit sized block ciphers (like Triple-DES and Blowfish) was published.

The codename is SWEET32 and it was released on https://sweet32.info

The amount of traffic needed to break such a 64Bit cipher is high (3 digit GB range) and it needs to be sniffable by a local attacker, so the severity of this vulnerability has been marked as "moderate".


Resolution

SUSE asks all customers to review the Cipher list configuration in SSL / TLS server programs, like e.g. Apache2, Postfix, Cyrus IMAPD and disable 3DES based ciphers and block them with '!3DES'.

SUSE will release OpenSSL updates that will move the 3DES ciphers from the "HIGH" security list to the "MEDIUM" security list. This will benefit services that use the "HIGH" SSL cipher string keyword to only allow secure ciphers.

Cause

The SWEET32 issue is not a code bug but an inherent problem with the 64-Bit block ciphers that became exploitable with the fact that generating internet traffic is a lot easier these days so that existing safety boundaries of limited bit size block ciphers are being reached.

Block ciphers that provide only 64-Bit of safety are for example Triple-DES or Blowfish.

The SWEET32 attach has several preconditions that make the attack unlikely:
  • Several gigabytes of data need to be generated and also sniffed and plain text patterns have to be present
  • The attacker has to rely on weak 64-Bit block ciphers being used used for the communication
The vulnerability was marked as "moderate" due to these fact.

SSL / TLS mitigation

For SSL/TLS usage, all SUSE products by default use stronger block ciphers (AES) which provide either 128 or 256 bit block sizes.
All TLS connections will use the best ciphers available and are then not affected by this vulnerability.
Especially OpenSSL 1.0.1 on SUSE Linux Enterprise Server 12 uses a cipher list order sorted by strength.

The Triple-DES cipher is currently only listed as fallback cipher for very old servers and should be disabled. To do so simply add "!3DES" at the end of the standard OpenSSL cipher string configuration, e.g. in Apache2 "SSLCipherSuite".

OpenVPN mitigation

OpenVPN uses the blowfish cipher by default. This should be changed in the configuration file by using the "cipher" keyword.

Additional Information

Additional information about the openssl part can be found here

CVE-2016-2183

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7017985
  • Creation Date: 25-Aug-2016
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.