Solved: SWEET32 Issue, CVE-2016-2183. Check TLS1.0 and disable it in Configuration on Linux.

In this post, we will see how to solve the SWEET32 issue, i.e. CVE-2016-2183, on a Linux host.

Let us see how to check for this issue and how to resolve it.

1. Check if TLS 1.0 is open.

[saket@ngelinux saket]$ openssl s_client -connect <host>:<port> -tls1
depth=2 C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1
verify error:num=19:self signed certificate in certificate chain
verify return:0
Certificate chain


2. Change the configuration and disable TLSv1 protocols.

[saket@ngelinux saket]$ vi /etc/httpd/conf/httpd.conf

Earlier:  SSLProtocol all -SSLv3
Now:      SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1


3. Now check again to see whether it still connects.

[saket@ngelinux saket]$ openssl s_client -connect <host>:<port> -tls1

TLS 1.0 is now disabled, and the vulnerability should be addressed.
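
As a complement to the openssl check in steps 1 and 3, the following added example (not part of the original post) reads a config file and reports whether the active SSLProtocol directive leaves TLSv1.0 enabled. The function name tls10_state is hypothetical, and the script assumes only the file(s) passed to it matter: it ignores Include and VirtualHost scoping.

```shell
#!/bin/sh
# tls10_state [FILE...]  (hypothetical helper; reads stdin when no file is given)
# Prints enabled / disabled / unset for TLSv1.0, following how mod_ssl reads
# SSLProtocol: "-x" removes, "+x" adds, a bare token replaces the whole set,
# and the last active directive wins.
tls10_state() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out line: not in effect
        tolower($1) == "sslprotocol" {
            found = 1; on = 0                    # each directive starts from an empty set
            for (i = 2; i <= NF; i++) {
                tok = tolower($i); sign = ""
                if (tok ~ /^[+-]/) { sign = substr(tok, 1, 1); tok = substr(tok, 2) }
                hit = (tok == "all" || tok == "tlsv1")
                if (sign == "-")      { if (hit) on = 0 }
                else if (sign == "+") { if (hit) on = 1 }
                else                  on = hit   # bare token overrides earlier tokens
            }
        }
        END { print (!found ? "unset" : (on ? "enabled" : "disabled")) }
    ' "$@"
}

# Constructed sample lines: the two SSLProtocol values from step 2, plus a
# commented-out copy, which Apache ignores entirely.
for line in 'SSLProtocol all -SSLv3' \
            'SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' \
            '#SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1'; do
    printf '%-50s => %s\n' "$line" "$(printf '%s\n' "$line" | tls10_state)"
done
```

Run it against the real file with `tls10_state /etc/httpd/conf/httpd.conf`. It reports protocol state only; CVE-2016-2183 concerns 64-bit block ciphers such as 3DES, so the SSLCipherSuite line is worth checking as well.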

