Solved: SWEET32 Issue, CVE-2016-2183. Check TLS1.0 and disable it in Configuration on Linux.

In this post, we will see how to solve the SWEET32 issue, i.e. CVE-2016-2183, on a Linux host.

Let us see how to check for this issue and how to resolve it.

1. Check if TLS 1.0 is enabled.

[saket@ngelinux saket]$ openssl s_client -connect server2.ngelinux.com:443 -tls1
CONNECTED(00000003)
depth=2 C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain

2. Change the configuration and disable the TLSv1 protocol.

[saket@ngelinux saket]$ vi /etc/httpd/conf/httpd.conf

Earlier: #SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Now:      SSLProtocol all -SSLv3 -TLSv1

3. Now check again to see whether the connection still succeeds.

[saket@ngelinux saket]$ openssl s_client -connect server2.ngelinux.com:443 -tls1

TLS 1.0 is now disabled, and the vulnerability should be addressed.
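
CVE-2016-2183 concerns 64-bit block ciphers such as 3DES, so a recheck can look at the negotiated cipher as well as the protocol. The shell sketch below is an added example, not part of the original post; the function names `classify_s_client` and `probe` are hypothetical, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: interpret `openssl s_client` output for the checks above.
# Function and variable names are hypothetical; sample outputs are constructed.

# Read s_client output on stdin and print one of:
#   no-handshake   no cipher was negotiated (protocol or cipher refused)
#   accepted-3des  handshake completed with a 3DES suite (the SWEET32 case)
#   accepted       handshake completed with some other cipher
classify_s_client() {
    # s_client reports the result as "New, <protocol>, Cipher is <suite>"
    cipher=$(sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    case "$cipher" in
        ""|"(NONE)")        echo "no-handshake" ;;
        *DES-CBC3*|*3DES*)  echo "accepted-3des" ;;
        *)                  echo "accepted" ;;
    esac
}

# Run one probe against HOST:PORT with extra s_client options, e.g.
#   probe server2.ngelinux.com:443 -tls1
#   probe server2.ngelinux.com:443 -cipher 3DES
# The local openssl build must itself still support the option being probed.
probe() {
    target=$1; shift
    openssl s_client -connect "$target" "$@" </dev/null 2>&1 | classify_s_client
}

# Constructed, abridged outputs (not captured from a real server).
sample_refused='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported'

sample_3des='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-DES-CBC3-SHA
Server public key is 2048 bit'

printf '%s\n' "$sample_refused" | classify_s_client   # no-handshake
printf '%s\n' "$sample_3des"    | classify_s_client   # accepted-3des
```

A `no-handshake` result for both the `-tls1` probe and the `-cipher 3DES` probe indicates that the server refuses TLS 1.0 and does not negotiate 3DES suites.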
