Sweet32 attack (DES, 3DES)
Remove 3DES from ssl default cipher list.
The Sweet32 vulnerability was found by Karthik Bhargavan and Gaetan Leurent from INRIA.
- Disclosure date: 2016-08-24 (end of the Sweet32 embargo)
- Reported by: Karthik Bhargavan and Gaetan Leurent (Sweet32)
- Python 2.7.13 (2016-12-17) fixed by commit d988f42 (branch 2.7) (2016-09-06)
- Python 3.4.7 (2017-08-09) fixed by commit fa53dbd (branch 3.4) (2017-03-10)
- Python 3.5.3 (2017-01-17) fixed by commit 03d13c0 (branch 3.5) (2016-09-06)
- Python 3.6.0 (2016-12-23) fixed by commit 03d13c0 (branch 3.5) (2016-09-06)
Remove 3DES from cipher list (sweet32 CVE-2016-2183).
- Python issue: bpo-27850
- Creation date: 2016-08-24
- Reporter: Christian Heimes
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a “Sweet32” attack.
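To check whether an interpreter still offers DES or 3DES in its default cipher list, and to strip them from a context on an unpatched version, the following added example (not part of the CPython fix or of the original page) inspects `SSLContext.get_ciphers()`. The helper names `uses_des`, `des_suites` and `drop_des` are hypothetical, and `get_ciphers()` requires Python 3.6 or later.

```python
import re
import ssl

# OpenSSL ("DES-CBC3-SHA") and IANA ("..._3DES_EDE_CBC_SHA") suite names both
# carry DES or 3DES as a separate token; AES never matches this pattern.
_DES_TOKEN = re.compile(r"(?:^|[-_])(?:3DES|DES)(?:[-_]|$)")


def uses_des(suite_name):
    """True if the cipher-suite name denotes single DES or Triple DES."""
    return bool(_DES_TOKEN.search(suite_name.upper()))


def des_suites(ctx):
    """Names of DES/3DES suites currently enabled on an SSLContext."""
    return [c["name"] for c in ctx.get_ciphers() if uses_des(c["name"])]


def drop_des(ctx):
    """Disable DES/3DES on ctx, keeping every other enabled suite and its order.

    Returns the names that were removed (empty on an already-patched build).
    """
    removed = des_suites(ctx)
    if removed:
        # set_ciphers() only governs TLS 1.2 and earlier; TLS 1.3 suites are
        # configured separately by OpenSSL and include no 64-bit block ciphers.
        keep = [c["name"] for c in ctx.get_ciphers()
                if c["protocol"] != "TLSv1.3" and not uses_des(c["name"])]
        ctx.set_ciphers(":".join(keep))
    return removed


if __name__ == "__main__":
    ctx = ssl.create_default_context()
    print("DES/3DES in default list:", des_suites(ctx) or "none")
    print("removed:", drop_des(ctx) or "nothing to remove")
```

On a Python version that contains the fix, `des_suites()` returns an empty list for a default context and `drop_des()` leaves the context untouched.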
Timeline using the disclosure date 2016-08-24 as reference:
- 2016-08-24: Disclosure date (end of the Sweet32 embargo)
- 2016-08-24 (+0 days): Python issue bpo-27850 reported by Christian Heimes
- 2016-08-31 (+7 days): CVE-2016-2183 published
- 2016-09-06 (+13 days): commit 03d13c0 (branch 3.5)
- 2016-09-06 (+13 days): commit d988f42 (branch 2.7)
- 2016-12-17 (+115 days): Python 2.7.13 released
- 2016-12-23: Python 3.6.0 released
- 2017-01-17 (+146 days): Python 3.5.3 released
- 2017-03-10 (+198 days): commit fa53dbd (branch 3.4)
- 2017-08-09 (+350 days): Python 3.4.7 released