Alibaba Cloud Object Storage Service (OSS) will stop supporting cipher suites based on DES and Triple-DES
2021/12/07
Content:
To improve data security, Alibaba Cloud Object Storage Service (OSS) will gradually stop supporting cipher suites based on DES and Triple-DES in HTTPS services from Dec 7, 2021.
Cause and impact:
When you use DES or Triple-DES keys in TLS handshakes, the birthday bound for data transmission is about 4 billion bit blocks. Malicious attackers can exploit this vulnerability to launch Sweet32 attacks to obtain data in plaintext.
Some customers still use cipher suites based on DES and Triple-DES when they use Object Storage Service (OSS) over HTTPS. To improve data security, Object Storage Service (OSS) plans to stop supporting cipher suites based on DES and Triple-DES in HTTPS services. After the support is stopped, customer businesses that use these cipher suites for TLS handshakes cannot run properly. If your business supports only cipher suites based on DES and Triple-DES, we recommend that you use cipher suites based on other algorithms instead as soon as possible.
Remarks:
For more information about DES, see documentation related to the following vulnerability: CVE-2016-2183.
To improve data security, Alibaba Cloud Object Storage Service (OSS) will gradually stop supporting cipher suites based on DES and Triple-DES in HTTPS services from Dec 7, 2021.
Cause and impact:
When you use DES or Triple-DES keys in TLS handshakes, the birthday bound for data transmission is about 4 billion bit blocks. Malicious attackers can exploit this vulnerability to launch Sweet32 attacks to obtain data in plaintext.
Some customers still use cipher suites based on DES and Triple-DES when they use Object Storage Service (OSS) over HTTPS. To improve data security, Object Storage Service (OSS) plans to stop supporting cipher suites based on DES and Triple-DES in HTTPS services. After the support is stopped, customer businesses that use these cipher suites for TLS handshakes cannot run properly. If your business supports only cipher suites based on DES and Triple-DES, we recommend that you use cipher suites based on other algorithms instead as soon as possible.
Remarks:
For more information about DES, see documentation related to the following vulnerability: CVE-2016-2183.
