View Issue Details

IDProjectCategoryView StatusLast Update
0003291SymmetricDSImprovementpublic2018-02-14 20:08
Reporterelong Assigned Toelong  
Status closedResolutionfixed 
Product Version3.9.0 
Target Version3.9.0Fixed in Version3.9.0 
Summary0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday attacks
DescriptionSymmetricDS is using Jetty and the Java Cryptography Architecture to provide SSL/TLS support. The Triple-DES ciphers have been shown vulnerable to Sweet32 Birthday attacks that analyze lots of traffic to compromise the key. Let's disable these ciphers out of the box.
Additional InformationAs a workaround in version 3.8, you can add a Java System property to your setenv and sym_service.conf file:

TagsNo tags attached.


There are no notes attached to this issue.

Related Changesets

SymmetricDS: 3.9 00261195

2017-10-27 11:43:45


Details Diff
0003291: Disable 3DES ciphers that are vulnerable to Sweet32 Birthday
Affected Issues
mod - symmetric-server/src/main/deploy/bin/setenv Diff File
mod - symmetric-server/src/main/deploy/bin/setenv.bat Diff File
mod - symmetric-server/src/main/deploy/conf/sym_service.conf Diff File

Issue History

Date Modified Username Field Change
2017-10-27 15:42 elong New Issue
2017-10-27 15:42 elong Status new => assigned
2017-10-27 15:42 elong Assigned To => elong
2017-10-27 15:44 elong Status assigned => resolved
2017-10-27 15:44 elong Resolution open => fixed
2017-10-27 15:44 elong Fixed in Version => 3.9.0
2017-12-15 21:21 mmichalek Status resolved => closed
2018-02-14 20:08 admin Changeset attached => SymmetricDS 3.9 00261195