Securing Certificate Server of Identity Management server against SWEET32

Solution Verified - Updated -

Issue

  • SSL/TLS cipher suites that use 3DES present a security weakness (64-bit block size cipher suites, SWEET32)
  • Red Hat advised completely disabling DES/3DES ciphers 1
  • The IdM server was initially installed on RHEL 7.4 or earlier
  • A network scanner discovered that the Certificate Server (CS) of IdM supported the vulnerable cipher
  • The CS of the IdM server needs to be secured against the weakness
  • The vulnerability was still present even after upgrading to RHEL 7.5 or later

Environment

  • Red Hat Enterprise Linux (RHEL) 7.4 or earlier
  • Red Hat Identity Management (IdM) / FreeIPA
