Check for the Sweet32 vulnerability
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
|Result positive||Not vulnerable to Sweet32.|
|Result negativ||Vulnerable to Sweet32.|
|Description||The server is vulnerable to Sweet32, which allows an attacker to decrypt parts of the communication if large amounts of data is transferred via a connection.|
|Background||Sweet32 is the name of an attack that was carried out by researchers on the French Institute for Research in Computer Science and Automation (INRIA). The attack exploits design flaws in some encryption algorithms. These encryption algorithms are used in widely used protocols such as TLS, SSH, IPsec and OpenVPN. The Sweet32 attack allows an attacker under some circumstances to restore small sections of a test if it was encoded with 64-bit block ciphers (such as Triple-DES and Blowfish).|
|Consequence||The server is vulnerable through Sweet32, which allows an attacker to decrypt the communication.|
|Solution/Tips||Wherever possible, you should refrain from using Triple-DES and Blowfish. Deactivate Blockchiffren (German only) with a length of 64 bit. Make sure that protocols such as SSLv2 and SSLv3 are disabled.|