2.7 Preventing SWEET32 Attack

In the SWEET32 attack, a remote attacker can recover portions of plaintext from data encrypted with a 64-bit block cipher (such as Triple-DES) and thereby obtain sensitive information.

To prevent this attack, you need to modify the cipher list in the server.xml file of Administration Console and Identity Server.

Perform the following steps:

Administration Console

  1. Modify the cipher list in the /opt/novell/nam/adminconsole/conf/server.xml file as follows:

    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  2. Restart Administration Console.

Identity Server

  1. Modify the cipher list in the /opt/novell/nam/idp/conf/server.xml file as follows:

    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
  2. Restart Identity Server.
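The two procedures above replace the cipher list by hand but give no way to confirm that nothing 3DES-based survives, for example in a file edited earlier or on a second TLS connector. The following Python script is an added example, not part of the Access Manager documentation or product. It assumes the Tomcat layout of server.xml (the `ciphers` attribute on a `<Connector>` or on a nested `<SSLHostConfig>`), which the page does not show, and runs against a constructed server.xml fragment in which one connector still permits DES-CBC3 suites. It flags entries that name a 64-bit block cipher (DES, 3DES, RC2, IDEA), treats `!`/`-` exclusions as safe, and reports group keywords such as HIGH that cannot be judged by name alone.

```python
"""Audit a Tomcat server.xml cipher list for SWEET32-affected 64-bit block ciphers.

Added example; not part of the Access Manager documentation or product code.
"""
import xml.etree.ElementTree as ET

# The cipher list recommended on this page (AES-GCM and ChaCha20 suites only).
RECOMMENDED_LIST = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)

# Name components that identify a 64-bit block cipher in OpenSSL suite names
# (DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, RC2-CBC-MD5, IDEA-CBC-SHA) or in the
# OpenSSL group aliases 3DES and DES.
BLOCK64_TOKENS = {"DES", "3DES", "RC2", "IDEA"}

# Group keywords that expand to many suites; they cannot be judged by name
# alone and must be expanded with `openssl ciphers -v '<list>'`.
GROUP_KEYWORDS = {"ALL", "DEFAULT", "COMPLEMENTOFDEFAULT", "COMPLEMENTOFALL",
                  "HIGH", "MEDIUM", "LOW"}


def _entries(cipher_list):
    """Split an OpenSSL ':'-separated cipher list, dropping blank entries."""
    return [e.strip() for e in cipher_list.split(":") if e.strip()]


def _bare_name(entry):
    """Strip the '+' modifier and any '@' suffix (e.g. '@STRENGTH')."""
    return entry.lstrip("+").split("@")[0]


def weak_ciphers(cipher_list):
    """Return entries that name a 64-bit block cipher and are not excluded.

    Entries prefixed with '!' or '-' remove suites from the list, so an
    entry such as '!3DES' is a good sign rather than a finding.
    """
    weak = []
    for entry in _entries(cipher_list):
        if entry[0] in "!-":
            continue
        if any(tok in BLOCK64_TOKENS for tok in _bare_name(entry).split("-")):
            weak.append(entry)
    return weak


def unverified_groups(cipher_list):
    """Return group keywords whose expansion may still include 64-bit ciphers."""
    return [e for e in _entries(cipher_list)
            if e[0] not in "!-" and _bare_name(e) in GROUP_KEYWORDS]


def connector_cipher_lists(server_xml):
    """Map each TLS-enabled <Connector port> to its cipher list.

    Assumption (Tomcat convention; the page names only the file): the
    `ciphers` attribute sits on the Connector itself or on a nested
    <SSLHostConfig> element.
    """
    root = ET.fromstring(server_xml)
    lists = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no cipher list to check
        ciphers = conn.get("ciphers")
        if ciphers is None:
            host_cfg = conn.find("SSLHostConfig")
            ciphers = host_cfg.get("ciphers", "") if host_cfg is not None else ""
        lists[conn.get("port")] = ciphers
    return lists


def audit(server_xml):
    """Report, per TLS connector, weak entries and unexpandable group keywords."""
    return {
        port: {"weak": weak_ciphers(cl), "unverified": unverified_groups(cl)}
        for port, cl in connector_cipher_lists(server_xml).items()
    }


# Constructed server.xml fragment: the 8443 connector still allows DES-CBC3.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               ciphers="ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:HIGH"/>
  </Service>
</Server>"""


if __name__ == "__main__":
    for port, findings in audit(SAMPLE_SERVER_XML).items():
        print(port, findings)
    print("recommended list weak entries:", weak_ciphers(RECOMMENDED_LIST))
```

To run it against a real installation, read /opt/novell/nam/adminconsole/conf/server.xml or /opt/novell/nam/idp/conf/server.xml into `audit()` instead of the constructed fragment. Any entry reported under "unverified" should be expanded with `openssl ciphers -v '<list>'` on the server, since keywords like HIGH may include DES-CBC3 suites depending on the OpenSSL build; the explicit list recommended on this page contains no such keyword and produces no findings.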