Sweet 32 Attack - Apache

Updated on:

Overview

Sweet32 affects TLS ciphers, also OpenSSL consider Triple DES cipher is now vulnerable as RC4 cipher . The DES ciphers (and triple-DES) only have a 64-bit block size. This enables an attacker to run JavaScript in a browser and send large amounts of traffic during the same TLS connection, creating a collision. With this collision, the attacker is able to retrieve information from a session cookie.

          Disabling 3DES cipher in Apache is too easy, just follow the below steps to implement.

 Mitigation

 To mitigate, follow one of these steps:

  • Disable any triple-DES cipher on servers that still support it.
  • Upgrade old servers that do not support stronger ciphers than DES or RC4

Solution

[root@hostname ~]# grep –i sslciphersuiteSSLCipherSuite

EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EDH+AES:RSA+AESGCM:RSA+AE:!ECDSA:!NULL:!MD5:!DSS:3DES

vim /etc/httpd/conf.d/ssl.conf...SSLCipherSuite

EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EDH+AES:RSA+AESGCM:RSA+AES:!ECDSA:!NULL:!MD5:!DSS:!3DES

Restart the Webserver to effect the changes.

More from Middleware Inventory

  • Sweet 32 Attack - IIS

    Overview Sweet32 affects TLS ciphers, also OpenSSL consider Triple DES cipher is now vulnerable as RC4 cipher . The DES ciphers (and triple-DES) only have a 64-bit block size. This enables an attacker to run JavaScript in a browser and send large amounts of traffic during the same TLS connection, creating…

  • Cross Site Scripting Attack - Apache/IHS

    Overview   Cross Site Scripting (XSS) protection can be bypassed in many browsers. You can apply this protection for a web application if it was disabled by the user. This is used by a majority of giant web companies like Facebook, Twitter, Google, etc. Solution Go to $Web_Server/conf directory Open…

  • Apache Clickjack
    How to Disable the Weak Ciphers – Apache/IHS

    Overview SSL Cipher is an encryption algorithm, which is used as a key between two computers over the Internet. Data encryption is the process of converting plain text into secret ciphered codes. It’s based on your web server SSL Cipher configuration and strong protocol that allows data encryption to take…

  • Disable WebServer Banner Apache/IHS

    Overview Don’t display or send Apache version (Set ServerTokens) By default, the server HTTP response header will contains apache and php version. Something similar to the following. This is harmful, as we don’t want an attacker to know about the specific version number. Apache can reveal information by default configuration,…

  • Poodle fix – Apache/IHS

    Overview POODLE  is an security vulnerability in SSLv3 discovered by Google. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. All the websites supporting SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. Using POODLE a hacker run Man-in-the-middle attacks attacks in your network…