CVE-2016-2183: Sweet32 attack (DES, 3DES)

Remove 3DES from the default cipher list of the ssl module.

The Sweet32 vulnerability was found by Karthik Bhargavan and Gaetan Leurent of INRIA.

  • Disclosure date: 2016-08-24 (end of the Sweet32 embargo)
  • Reported by: Karthik Bhargavan and Gaetan Leurent (Sweet32)

Fixed In

Python issue

Remove 3DES from cipher list (sweet32 CVE-2016-2183).

  • Python issue: issue #27850
  • Creation date: 2016-08-24
  • Reporter: Christian Heimes

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.
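The check below is an added example, not code from CPython or from the commits listed on this page. It audits an `ssl.SSLContext` for DES/3DES suites, removes them with the `!3DES` cipher-string exclusion, and computes the data volume that "approximately four billion blocks" corresponds to for a 64-bit block. The function names and the `DEFAULT` base cipher string are assumptions made for illustration.

```python
import re
import ssl

# Name tokens that identify the ciphers this page covers (DES, 3DES).
DES_TOKENS = {"DES", "3DES"}


def is_des_suite(name):
    """True if an OpenSSL-style or IANA-style suite name uses DES or 3DES."""
    return bool(DES_TOKENS & set(re.split(r"[-_]", name.upper())))


def birthday_bound_bytes(block_bits):
    """Bytes encrypted under one key at the birthday bound of 2^(n/2) blocks."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


def des_suites(ctx):
    """Names of the DES/3DES suites still enabled on an SSLContext."""
    return [c["name"] for c in ctx.get_ciphers() if is_des_suite(c["name"])]


def exclude_3des(ctx, base="DEFAULT"):
    """Re-apply a cipher string with 3DES excluded (base is an assumption)."""
    ctx.set_ciphers(base + ":!3DES")
    return ctx


if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print("DES/3DES suites before:", des_suites(ctx))
    print("DES/3DES suites after: ", des_suites(exclude_3des(ctx)))
    gib = birthday_bound_bytes(64) / 2 ** 30
    print("64-bit block birthday bound: %.0f GiB under one key" % gib)
```

On an interpreter that already carries the fix, or one linked against an OpenSSL build without 3DES, both lists are empty; a non-empty "before" list means the context can still negotiate a 64-bit block cipher.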

Timeline

Timeline using the disclosure date 2016-08-24 as reference:

  • 2016-08-24: Disclosure date (end of the Sweet32 embargo)
  • 2016-08-24 (+0 days): Python issue #27850 reported by Christian Heimes
  • 2016-09-01 (+8 days): CVE-2016-2183 published
  • 2016-09-06 (+13 days): commit 03d13c0
  • 2016-09-06 (+13 days): commit d988f42
  • 2016-12-17 (+115 days): Python 2.7.13 released
  • 2016-12-23 (+121 days): Python 3.6.0 released
  • 2017-01-17 (+146 days): Python 3.5.3 released
  • 2017-03-10 (+198 days): commit fa53dbd
  • 2017-08-09 (+350 days): Python 3.4.7 released