Re: The SWEET32 Issue, CVE-2016-2183 on Openssl package.

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Re: The SWEET32 Issue, CVE-2016-2183 on Openssl package.

bhyri kalyan

Hi All,

 Please respond to my below query. 

Currently we are using  openssl_1_0_2r version and we ran the Nessus tool on  this openssl version  code found The SWEET32  (https://www.openssl.org/blog/blog/2016/08/24/sweet32/) Issue.  So to resolve that issue  I am trying to disable the ‘3des’  ciphers  or to
use only HIGH ciphers instead.  Can you please providing  some inputs for making openssl package to use only   HIGH ciphers or  let me know how to disable ‘3des’ cipher in openssl ( I   already tried by keeping “no-3des” but it doesn’t work).

Thanks & Regards
kalyan



 

On Thu, 4 Jul 2019 at 15:06, Matt Caswell <[hidden email]> wrote:


On 04/07/2019 05:36, bhyri kalyan wrote:
> Hi Team,
>
> I already subscribed to mailing list still getting this notice.so can you please
> respond to my below query.

I couldn't see your name in the subscriber list, so it looks like your
subscription request did not work for some reason. Anyway I have manually
subscribed you now.

Please resend your email to [hidden email], and hopefully it should
go through this time.

Matt


>
> Thanks,
> kalyan
>
>
> On Thu, 4 Jul 2019 at 09:22, <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     In order to post a message to this mailing list, you must be
>     subscribed to it.
>
>     Please visit https://mta.openssl.org/mailman/listinfo to join any
>     openssl mailing lists.
>
>     If you are subscribed, but still get this notice, you can send email
>     to [hidden email] <mailto:[hidden email]>.
>
>
>
>
>     ---------- Forwarded message ----------
>     From: bhyri kalyan <[hidden email] <mailto:[hidden email]>>
>     To: [hidden email] <mailto:[hidden email]>
>     Cc: 
>     Bcc: 
>     Date: Thu, 4 Jul 2019 09:21:53 +0530
>     Subject: The SWEET32 Issue, CVE-2016-2183 on Openssl package.
>
>     Hi All,
>
>
>     Currently we are using  openssl_1_0_2r version and we ran the Nessus tool on
>     this openssl version  code found The SWEET32
>     <https://www.openssl.org/blog/blog/2016/08/24/sweet32/> Issue.
>
>     So to resolve that issue  I am trying to disable the ‘3des’  ciphers  or to
>     use only HIGH ciphers instead.
>
>     Can you please providing  some inputs for making openssl package to use only
>     HIGH ciphers or  let me know how to disable ‘3des’ cipher in openssl ( I
>     already tried by keeping “no-3des” but it doesn’t work).
>
>
>     Thanks,
>
>     kalyan
>