The SWEET32 Issue, CVE-2016-2183 on Openssl package.

bhyri kalyan bhyri.k at gmail.com
Thu Jul 4 14:37:37 UTC 2019 

Hi All,

 Please respond to my below query.

Currently we are using  openssl_1_0_2r version and we ran the Nessus tool
on  this openssl version  code found The SWEET32  (
https://www.openssl.org/blog/blog/2016/08/24/sweet32/) Issue.  So to
resolve that issue  I am trying to disable the ‘3des’  ciphers  or to
use only HIGH ciphers instead.  Can you please providing  some inputs for
making openssl package to use only   HIGH ciphers or  let me know how to
disable ‘3des’ cipher in openssl ( I   already tried by keeping “no-3des”
but it doesn’t work).

Thanks & Regards
kalyan





On Thu, 4 Jul 2019 at 15:06, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 04/07/2019 05:36, bhyri kalyan wrote:
> > Hi Team,
> >
> > I already subscribed to mailing list still getting this notice.so can
> you please
> > respond to my below query.
>
> I couldn't see your name in the subscriber list, so it looks like your
> subscription request did not work for some reason. Anyway I have manually
> subscribed you now.
>
> Please resend your email to openssl-users at openssl.org, and hopefully it
> should
> go through this time.
>
> Matt
>
>
> >
> > Thanks,
> > kalyan
> >
> >
> > On Thu, 4 Jul 2019 at 09:22, <openssl-users-owner at openssl.org
> > <mailto:openssl-users-owner at openssl.org>> wrote:
> >
> >     In order to post a message to this mailing list, you must be
> >     subscribed to it.
> >
> >     Please visit https://mta.openssl.org/mailman/listinfo to join any
> >     openssl mailing lists.
> >
> >     If you are subscribed, but still get this notice, you can send email
> >     to openssl-users-owner at openssl.org <mailto:
> openssl-users-owner at openssl.org>.
> >
> >
> >
> >
> >     ---------- Forwarded message ----------
> >     From: bhyri kalyan <bhyri.k at gmail.com <mailto:bhyri.k at gmail.com>>
> >     To: openssl-users at openssl.org <mailto:openssl-users at openssl.org>
> >     Cc:
> >     Bcc:
> >     Date: Thu, 4 Jul 2019 09:21:53 +0530
> >     Subject: The SWEET32 Issue, CVE-2016-2183 on Openssl package.
> >
> >     Hi All,
> >
> >
> >     Currently we are using  openssl_1_0_2r version and we ran the Nessus
> tool on
> >     this openssl version  code found The SWEET32
> >     <https://www.openssl.org/blog/blog/2016/08/24/sweet32/> Issue.
> >
> >     So to resolve that issue  I am trying to disable the ‘3des’  ciphers
>  or to
> >     use only HIGH ciphers instead.
> >
> >     Can you please providing  some inputs for making openssl package to
> use only
> >     HIGH ciphers or  let me know how to disable ‘3des’ cipher in openssl
> ( I
> >     already tried by keeping “no-3des” but it doesn’t work).
> >
> >
> >     Thanks,
> >
> >     kalyan
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190704/a6f82bf2/attachment-0001.html>

More information about the openssl-users mailing list