Hello,
We are running the latest version Symantec Messaging Gateway, we scanned this system on vulnerabilities with Qualys secure scan.
Qualys found one vulnerability with severity 3: Birthday attacks against TLS ciphers / Sweet32 CVE-2016-2183
How do we fix this in the gateways webconsole?
THREAT:
Technical Report page 11
Legacy block ciphers having block size of 64 bits are vulnerable to a practical collision attack when used in CBC mode.
All versions of SSL/TLS
protocol support cipher suites which use DES or 3DES as the symmetric encryption cipher are affected.
IMPACT:
Remote attackers can obtain cleartext data via a birthday attack against a long-duration encrypted session.
SOLUTION:
Disable and stop using DES and 3DES ciphers.
The following openssl commands can be used to do a manual test:
openssl s_client -connect ip:port
-cipher "DES:3DES" -ssl2
openssl s_client -connect ip:port -cipher "DES:3DES" -ssl3
openssl s_client -connect ip:port -cipher
"DES:3DES" -tls1
openssl s_client -connect ip:port -cipher "DES:3DES" -tls1_1
openssl s_client -connect ip:port -cipher
"DES:3DES" -tls1_2
If any of these tests is successful, then the target is vulnerable to Sweet32.
Thanks,
LEVD