
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

Dan_Wentworth
Confirmed Champ

We have a customer on OnBase 17 (DDS, Encrypted keywords) who has identified a 'Sweet32' vulnerability.

The customer's approach is to 'Disable of Triple DES 168 Cipher through Registry'.

Is this an approved approach to 'Sweet32'?
Will manually disabling this cipher affect OnBase?

I understand there are other approaches which involve disabling SSL 2.0 and SSL 3.0.

What is Hyland's recommendation?


Dan

2 REPLIES

Dan_Wentworth
Confirmed Champ
This is an Oracle implementation

Alan_Vidmar
Star Contributor

Dan,

I don't know what Hyland's official recommendation for this might be, but we manage our own protocols and ciphers as we consider IIS as part of our own technological footprint to maintain.

That said, I've found a nice tool to assist with these processes: IIS Crypto https://www.nartac.com/Products/IISCrypto

This will allow you to see and manage the various protocols, ciphers, and cipher suites you allow on your IIS server.

Please test very carefully though, especially if you use a load balancer in front of your web/app servers, as you'll need to make sure that the load balancer ciphers match up to what you're setting on IIS.

Alan
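
Added example, not part of the thread and not Hyland's or Nartac's code: a pre-change check for the caveat in the reply above, listing which suites on each side use a 64-bit block cipher and whether the load balancer and IIS would still share a suite once those are disabled. It assumes both lists are given as IANA suite names and that the load balancer re-encrypts to IIS; the sample lists are constructed.

```python
import re

# 64-bit block ciphers as they appear in IANA TLS suite names.
# Sweet32 applies to these; 3DES is the one usually still enabled.
_BLOCK64 = re.compile(r"_WITH_(3DES_EDE|DES40|DES|IDEA|RC2)_CBC")

# Constructed sample lists (assumption: not taken from any real system).
SAMPLE_LB = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
             "TLS_RSA_WITH_AES_128_CBC_SHA",
             "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
SAMPLE_LEGACY_LB = ["TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                    "TLS_RSA_WITH_RC4_128_SHA"]
SAMPLE_IIS = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
              "TLS_RSA_WITH_AES_128_CBC_SHA",
              "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]


def is_sweet32_affected(suite):
    """True if the IANA suite name uses a 64-bit block cipher."""
    return bool(_BLOCK64.search(suite.upper()))


def plan_removal(lb_suites, iis_suites):
    """Report what disabling 64-bit block ciphers changes on the LB-to-IIS hop."""
    report = {
        "load_balancer_affected": [s for s in lb_suites if is_sweet32_affected(s)],
        "iis_affected": [s for s in iis_suites if is_sweet32_affected(s)],
    }
    iis_all = set(iis_suites)
    iis_keep = {s for s in iis_suites if not is_sweet32_affected(s)}
    shared_before = [s for s in lb_suites if s in iis_all]
    # Keep the load balancer's preference order in the surviving shared list.
    report["shared_after"] = [s for s in lb_suites
                              if s in iis_keep and not is_sweet32_affected(s)]
    # The hop breaks when the only common suites were the ones being removed.
    report["breaks_handshake"] = bool(shared_before) and not report["shared_after"]
    return report


if __name__ == "__main__":
    for label, lb in (("current LB", SAMPLE_LB), ("legacy LB", SAMPLE_LEGACY_LB)):
        print(label, plan_removal(lb, SAMPLE_IIS))
```
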
