BSA-2016-134

Brocade Fabric OS

21369

09 November 2018

31 August 2016

Closed

Low

7.5

N/A

CVE-2016-2183

Summary

Security Advisory ID : BSA-2016-134

Component : Crypto

Revision : 2.0: Final



The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. More at https://sweet32.info/.

Affected Products

Brocade Fabric OS before FOS v7.4.0
Brocade Network Advisor before 14.3.1

Solution
  • For Brocade Fabric OS

Brocade strongly recommends that Customers remove weak ciphers from the list of supported ciphers by default. Starting with Brocade Fabric OS v7.4, the secCryptoCfg CLI command provides options to configure various cryptographic algorithms to meet compliance requirements for the SSH and HTTPS protocols on a Brocade Fibre Channel switch.

The secCryptoCfg command is documented in the Brocade Fabric OS Administration Guide. If further assistance is required, Customers are advised to contact Brocade TAC or their support providers.

  • For Brocade Network Advisor

Customers are advised to upgrade to supported versions.
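
The following Python check is an added example, not Brocade code or part of the original advisory. It flags 64-bit block ciphers in a cipher list and estimates the block-collision probability behind the "four billion blocks" bound; it goes beyond DES and Triple DES to other ciphers with the same block size. The cipher lists are constructed samples in OpenSSH/OpenSSL naming, not secCryptoCfg output or syntax.

```python
import math
import re

# Name tokens that identify 64-bit block ciphers in common OpenSSL, IANA and
# OpenSSH cipher names. DES/3DES are the advisory's subject; the others are
# included because they share the 64-bit block size (assumption of this example).
SMALL_BLOCK_TOKENS = {"des", "3des", "cbc3", "blowfish", "bf", "idea",
                      "cast128", "cast5", "rc2"}


def flag_small_block(cipher_names):
    """Return the names in cipher_names that use a 64-bit block cipher."""
    flagged = []
    for name in cipher_names:
        tokens = set(re.split(r"[-_@.]", name.lower()))
        if tokens & SMALL_BLOCK_TOKENS:
            flagged.append(name)
    return flagged


def collision_probability(data_bytes, block_bits=64):
    """Birthday estimate of at least one repeated ciphertext block under one key.

    p ~= 1 - exp(-n(n-1) / 2^(b+1)) for n blocks of b bits.
    """
    n = data_bytes // (block_bits // 8)
    return -math.expm1(-(n * (n - 1)) / 2 ** (block_bits + 1))


# Constructed sample cipher lists (not taken from any real switch).
SAMPLE_SSH = ["aes128-ctr", "aes256-ctr", "3des-cbc", "blowfish-cbc"]
SAMPLE_TLS = ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "DES-CBC3-SHA"]

if __name__ == "__main__":
    for label, ciphers in (("SSH", SAMPLE_SSH), ("TLS", SAMPLE_TLS)):
        print(label, "64-bit block ciphers to remove:", flag_small_block(ciphers))
    for gib in (1, 8, 32, 128):
        p64 = collision_probability(gib * 2**30, 64)
        p128 = collision_probability(gib * 2**30, 128)
        print(f"{gib:>4} GiB under one key: 64-bit p={p64:.4f}  128-bit p={p128:.2e}")
```

Four billion 8-byte blocks is about 32 GiB of data under a single key, which is why long-duration sessions are the ones at risk.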

Revision History

| Version | Change | Date |
|---------|--------|------|
| 1.0 | Initial Publication | August 31, 2016 |
| 2.0 | BNA update | Nov 30, 2017 |
| 3.0 | Updated to Fibre Channel Only | Nov 9, 2018 |