Sweet32 attack (DES, 3DES)


This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.

Remove 3DES from ssl default cipher list.

Sweet32 vulnerability found by Karthik Bhargavan and Gaetan Leurent from the INRIA.


  • Disclosure date: 2016-08-24 (end of the Sweet32 embargo)
  • Reported by: Karthik Bhargavan and Gaetan Leurent (Sweet32)

Fixed In

Python issue

Remove 3DES from cipher list (sweet32 CVE-2016-2183).

  • Python issue: bpo-27850
  • Creation date: 2016-08-24
  • Reporter: Christian Heimes


The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.


Timeline using the disclosure date 2016-08-24 as reference: