Joe 8 years ago
It has come to our attention that there is yet another vulnerability in OpenSSL called Sweet32 (https://sweet32.info/). Just to let you know we have disabled all DES and 3DES ciphers.
  • 9

Replies

  • Joe 8 years ago
    Yes it did because of this vulnerability. They get a heads up over us mere mortals 😜 so we have to wait for the statement before we can do anything about it.
    • 0
  • Bandie 8 years ago
    @joe OpenSSL threw DES and 3DES out in its new version afaik.
    • 1
  • Joe 8 years ago
    Well that's only been proven in TLS until the last few days. It isn't DES or 3DES on it's own. It still had an A+ rating on SSLLabs and was still parked as secure via the Mozilla Cipher suites... You will have never used it though as it would only have been very old browsers (IE8 on XP). All these are dead now.
    • 1
  • Bandie 8 years ago
    @joe Brute forcable.
    • 1
  • Joe 8 years ago
    @bandie??
    • 0
  • Bandie 8 years ago
    Well.. DES and 3DES... ...... Joe. Pls.
    • 0
  • Johnnynull 8 years ago
    Thanks for the heads up.
    • 1
  • Dawn 8 years ago
    Oh that's ok then thanks. X
    • 1
  • Joe 8 years ago
    Almost every website. It's not worth worrying about it though tbh. Your web browser will make sure your safe enough 😀
    • 1
  • Dawn 8 years ago
    What sort of sites...
    • 1
  • Joe 8 years ago
    No it probably wouldn't have affected you any way on Pjuu. They are just older cryptography but they're disables for us now. Not sure about other sites with higher traffic though
    • 1
  • Dawn 8 years ago
    @joe is this bad? How does it effect us...
    • 1