SUMMARY
How to resolve the SWEET32 3DES cipher vulnerability.
CVE ID
CVE-2016-2183
DESCRIPTION
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between a TLS/SSL server and client if the communication used a DES/3DES-based cipher suite.
The OpenSSL security update openssl-1.0.1e-48.el6_8.3 mitigates this issue by lowering the priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and are still included in the set of cipher suites identified by the HIGH cipher string.
RESOLUTION
Unitrends Risk Assessment: None with the latest security update.
For CentOS 6, resolved in the latest Unitrends security update via openssl-1.0.1e-48.el6_8.3 and by removing the 3DES ciphers.
For CentOS 5, this will not be fixed; migrate to CentOS 6.
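The two sections above describe two different outcomes for the same cipher string: the errata package only demotes 3DES below AES, while the Unitrends fix removes 3DES outright, and the HIGH keyword keeps 3DES enabled unless it is explicitly excluded. The script below is an added example, not part of this article or of any Unitrends or Red Hat tooling. It evaluates an OpenSSL cipher string against a small constructed subset of the OpenSSL 1.0.x suite table (names and tags as they appear in openssl-ciphers(1); the real table is much larger) following the documented rules for plain add, "!" permanent removal, "-" removal, "+" move-to-end and "@STRENGTH", and reports which 3DES suites would still be offered.

```python
"""Audit an OpenSSL cipher string for 3DES (SWEET32, CVE-2016-2183) exposure.

Added example. SUITES is a constructed subset of the OpenSSL 1.0.x suite
table with the cipher-string tags each suite carries; the evaluation rules
follow the openssl-ciphers(1) man page.
"""
import re

# Constructed subset: suite name -> (key bits, cipher-string tags it matches).
# The three DES-CBC3 suites carry the HIGH tag, as the advisory text notes.
SUITES = {
    "ECDHE-RSA-AES256-GCM-SHA384": (256, {"AES", "AES256", "AESGCM", "AEAD", "HIGH", "ECDHE", "kECDHE", "aRSA", "SHA384", "TLSv1.2", "ALL", "DEFAULT"}),
    "ECDHE-RSA-AES128-SHA": (128, {"AES", "AES128", "HIGH", "ECDHE", "kECDHE", "aRSA", "SHA1", "SHA", "SSLv3", "ALL", "DEFAULT"}),
    "AES256-SHA": (256, {"AES", "AES256", "HIGH", "RSA", "kRSA", "aRSA", "SHA1", "SHA", "SSLv3", "ALL", "DEFAULT"}),
    "AES128-SHA": (128, {"AES", "AES128", "HIGH", "RSA", "kRSA", "aRSA", "SHA1", "SHA", "SSLv3", "ALL", "DEFAULT"}),
    "ECDHE-RSA-DES-CBC3-SHA": (168, {"3DES", "HIGH", "ECDHE", "kECDHE", "aRSA", "SHA1", "SHA", "SSLv3", "ALL", "DEFAULT"}),
    "EDH-RSA-DES-CBC3-SHA": (168, {"3DES", "HIGH", "DH", "kEDH", "EDH", "DHE", "aRSA", "SHA1", "SHA", "SSLv3", "ALL", "DEFAULT"}),
    "DES-CBC3-SHA": (168, {"3DES", "HIGH", "RSA", "kRSA", "aRSA", "SHA1", "SHA", "SSLv3", "ALL", "DEFAULT"}),
    # Anonymous DH is in HIGH too, which is why '!aNULL' normally accompanies it.
    "ADH-AES128-SHA": (128, {"aNULL", "ADH", "AES", "AES128", "HIGH", "DH", "kEDH", "SHA1", "SHA", "SSLv3", "ALL", "COMPLEMENTOFDEFAULT"}),
    # Null encryption is outside ALL/DEFAULT entirely.
    "NULL-SHA": (0, {"eNULL", "NULL", "RSA", "kRSA", "aRSA", "SHA1", "SHA", "SSLv3", "COMPLEMENTOFALL"}),
}


def _matches(word: str) -> set:
    """Suites selected by one element; '+' inside an element is an intersection
    (e.g. 'ECDHE+3DES'). A bare suite name matches itself."""
    parts = word.split("+")
    return {name for name, (_, tags) in SUITES.items()
            if all(p == name or p in tags for p in parts)}


def expand_cipher_string(spec: str) -> list:
    """Return the ordered list of suites the cipher string enables."""
    enabled = []   # current ordered list
    killed = set()  # suites removed with '!' can never be re-added
    for elem in re.split(r"[:,\s]+", spec.strip()):
        if not elem:
            continue
        if elem.startswith("@"):
            if elem.upper() == "@STRENGTH":  # stable sort, strongest first
                enabled.sort(key=lambda n: -SUITES[n][0])
            continue  # other '@' directives are ignored in this subset
        op, word = (elem[0], elem[1:]) if elem[0] in "!-+" else ("", elem)
        hits = _matches(word)
        if op == "!":
            killed |= hits
            enabled = [n for n in enabled if n not in hits]
        elif op == "-":
            enabled = [n for n in enabled if n not in hits]
        elif op == "+":  # move matching suites to the end, keeping their order
            enabled = [n for n in enabled if n not in hits] + [n for n in enabled if n in hits]
        else:  # plain add: append new matches in table order, never move existing ones
            enabled += [n for n in SUITES if n in hits and n not in enabled and n not in killed]
    return enabled


def three_des_suites(spec: str) -> list:
    """3DES suites that the cipher string still offers (empty list == SWEET32 closed)."""
    return [n for n in expand_cipher_string(spec) if "3DES" in SUITES[n][1]]


if __name__ == "__main__":
    checks = {
        "errata behaviour (3DES kept, demoted)": "HIGH:!aNULL:!eNULL:+3DES",
        "typical HIGH-only config": "HIGH:!aNULL:!eNULL",
        "Unitrends fix (3DES removed)": "HIGH:!aNULL:!eNULL:!3DES",
        "'-3DES' is undone by a later add": "HIGH:-3DES:3DES",
        "'!3DES' is permanent": "HIGH:!3DES:3DES",
    }
    for label, spec in checks.items():
        left = three_des_suites(spec)
        print(f"{label:40} {spec:32} -> {'EXPOSED ' + ','.join(left) if left else 'no 3DES'}")
```

Run it with no arguments to see the five cases side by side. The two that matter for this article are the errata behaviour, where "+3DES" only moves the DES-CBC3 suites to the end of the list, and the "!3DES" form, which is the only one that actually removes them and cannot be undone by a later element in the same string.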
LINK TO ADVISORIES
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183
https://access.redhat.com/security/cve/cve-2016-2183
https://rhn.redhat.com/errata/RHSA-2016-1940.html
NOTES