Sweet32 attack (DES, 3DES)

Remove 3DES from ssl default cipher list.

Sweet32 vulnerability found by Karthik Bhargavan and Gaetan Leurent from the INRIA.


  • Disclosure date: 2016-08-24 (end of the Sweet32 embargo)
  • Reported by: Karthik Bhargavan and Gaetan Leurent (Sweet32)

Fixed In

Python issue

Remove 3DES from cipher list (sweet32 CVE-2016-2183).

  • Python issue: bpo-27850
  • Creation date: 2016-08-24
  • Reporter: Christian Heimes


The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.


Timeline using the disclosure date 2016-08-24 as reference: