Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Zoho always tries to provide utmost security and privacy to our users and here is one such instance. This is about removing weak and insecure ways to access our platform and strengthening it based on industry standard recommendations from time to time.


3DES,  a 64-bit block cipher,  is one of the algorithms used for encryption. These block ciphers, with short block size, are vulnerable to a type of  cryptographic attack, known as the Birthday Attack. Due to this vulnerability, all Zoho services will stop extending support to 3DES from January 31, 2017.


After Zoho disables 3DES cipher, any communication with a Zoho service will need to use AES (128/256) cipher for encryption. All modern browsers/clients and operating systems support robust algorithms like AES. In order to avoid issues connecting with Zoho services, we advice our users to stay up-to-date and update to such latest systems.


1) Internet Browsers:

We monitored our traffic and observed that around 98% of users connecting via 3DES are using IE on Windows XP or Windows 2003 server. These legacy systems do not support AES based ciphers by default. As these systems are no longer supported by its vendor, we  recommend our customers to upgrade their OS or at least use latest   browsers like Firefox/Chrome.

 

2) API Integrations:
If your APIs use 3DES cipher to access Zoho's Applications, please update your API to connect via AES(126,256). Refer the following to set the cipher suite for the language you are using:

 

Java     - Set the cipher suite in javax.net.ssl.SSLSocket.

Ruby    - Set the preferred cipher suite in OpenSSL::SSL::SSLContext

PHP     -  Set CURLOPT_SSL_CIPHER_LIST to a list cipher suites that uses AES for encryption to your Curl options.

Python - Set the cipher suite in SSLContext.set_ciphers.

c#        - Use CipherAlgorithmType AES.

 

You can also refer SSLLabs to check whether you will be affected by this measure. Do get in touch  with the respective Zoho product team in c ase you have any queries.
Take  these measures right away so that you are not affected by this attack.  To know more about the sweet32 vulnerability, refer : https://sweet32.info/


      • Sticky Posts

      • Thanksgiving 2022 - Celebrating Zoho Community SuperBuds

        One of the things we love most about our Zoho User Community is how readily our users help each other out, and share their Zoho and business knowledge. Be it the community forums, the virtual and in-person meetups, or Zoholics, it's been heart-warming

      • ZOHO-20 to fight COVID-19

        While the world economy is taking a hit, we, at Zoho, are doing our bit to help small businesses come out of this crisis. Here are all the programs and packages offered by Zoho to fight Covid-19. 1. ESAP: The Small Business Emergency Subscription Assistance Program (ESAP) gives our severely impacted small business customers access to Zoho software they currently use, free for three months. All Zoho customers with 25 employees or fewer who have been severely impacted by the coronavirus-related downturn

      • ​Issues with Forum posts approval in Zoho Community

        Hi All, Issue: Some of you have reported that the posts/comments made today are going for moderation. The issue started few hours ago, and the behaviour was reported in CRM and Creator Forums by a few customers/partners. We were able to see the same problem in a few other product forums too. How it impacts you: Don't worry if you find that your posts and comments are stuck in moderation. Your posts/comments are safe. Please don't duplicate them. We're keeping a tab on the development and approving

      • Severity high! Please change the URL of published forms.

        We are facing some issues with our domain zohopublic.com, as it has been blocked by our registrar. We are diligently working with them to resolve the issue. As an interim measure, we request you to use zohopublic1.com, instead. If you are using Zoho Creator or Zoho Forms, please edit the embed code and change the domain to creator.zohopublic1.com for Zoho Creator and forms.zohopublic1.com for Zoho Forms. If you are using Zoho Survey, you will have to re-send the survey link to the participants. We

        • Recent Topics

        • Function #11: Apply unused credits automatically to invoices

          Today, we bring you a custom function that automatically applies unused credits from excess payments, credit notes, and retainer payments to an invoice when it is created. Prerequisites: Create a Connection named "zbooks" to successfully execute the function.

        • Edit Contact Roles in the Potentials Mod

          New to ZOHO so I need some help.  I work the same people on different projects concurrency. Their contact info remains the same but their role changes from project to project.  In the Potential Mod you can pick contacts and assign a Role to them.  I know how to edit the roles. What I want to do is add some fields. Specifically I want to add the following "Expectation" "Requirements" and "Communication "Requirements." This will allow me to look at a Potential and see information associated with this

        • Duplicating report but custom layout does not

          Dear Zoho Creator, I need to duplicate a report into 10 copies, but unfortunately the custom layout (detail view) doesn’t copy along with it. I tried exporting and importing the custom layout, but the field mappings are incorrect. I believe everyone are

        • Company Policy Upload - Request All EE to review and sign

          How can I upload policies into Zoho People and have the employees review them and sign off saying they agree, etc.? Also, if I make a revision to a policy, I would like that changed or updated policy to be distributed or have the employees notified that

        • Credit Card Readers?

          We would like to use our commerce website at conferences (and eventually in store) to swipe credit cards to pay for orders. How would we accomplish this? Does Zoho have anything available for a developer write code to integrate something like Stripe Terminal

        • AI generated meeting notes associated to Account or Deal

          As our organization works to improve efficiency we are looking for a solution to leverage AI to generate meeting notes and then add those notes to a CRM record such as an Account or Deal. I see Zoho has a Notebook AI offering that talks about the ability

        • Stock count by bin location

          Is there a configuration to make a stock count by bin or area and not by product. these is useful to manage count by area Regards

        • Add Prebuilt "Partner Finder" Template with Native Zoho CRM Integration in Zoho Sites To: Zoho Sites Product Team

          Hi Zoho Team, We hope you're doing well. We would like to request a prebuilt "Partner Finder" template for Zoho Sites, modeled after your excellent implementation here: 🔗 https://www.zoho.com/partners/find-partner-results.html ✅ Use Case: Our organization

        • How Do I Refund a Customer Directly to Their Credit Card?

          Hi, I use books to auto-charge my customers credit card. But when I create a credit note there doesn't seem to be a way to directly refund the amount back to their credit card. Is the only way to refund a credit note by doing it "offline" - or manually-

        • How to share private Opportunities with whole org at an account level

          Opportunities are currently set to private, so our sales team only sees their own opportunities, along with their manager and upper leadership. The need is the ability for the rest of the Org to see the opportunities at an account level, not within the

        • Can we generate APK and IOS app?

          Dears, I want to know the availability to develop the app on zoho and after that .. generate the APK or IOS app  and after that I added them to play store or IOS store.. Is it possible to do this .. I want not to use zoho app or let my customers use it. thanks 

        • Limitation with Dynamic Email Attachment Capture

          I've discovered a flaw in how Zoho Creator handles email attachments when using the Email-to-Form feature, and I'm hoping the Zoho team can address this in a future update. The Issue According to the official documentation, capturing email attachments

        • Zoho Creator customer portal users

          Hi, I'm in a Zoho One subscription with our company. I'm running a project now that involves creating a Zoho Creater application and using the Zoho Creator Customer Portal.  At most we need 25 customer portal users. In our Zoho One plan we only get 3

        • Why is Zoho Meeting quality so poor?

          I've just moved from Office 365 to Zoho Workplace and have been generally really positive about the new platform -- nicely integrated, nice GUI, good and easy-to-understand control and customisation, and at a reasonable price. However, what is going on

        • Zoho Learn Course Completion Notifications/Triggers/API

          Zoho Learn works great and will suit our course creation needs, but it appears to be lacking a bit when it comes to integration with other Zoho services (creator etc.) when it comes to course completion. 1) Is there an API or Zoho Flow trigger for when

        • Sorting a list of record acquired from the zoho.crm.searchRecords function.

          This is something for which I'm trying to figure out a straightforward way to do. The searchRecords does a great job fetching me the records that I want. However, in some cases, where it returns multiple records, I want it to sort the returned list by date of creation of that record, so that when I do records.get(0), I get the most recent record.  As an example, here's my sample pseudo code: records = zoho.crm.searchRecords("Clients", "Office_Number:equals:123456"); Now the "records" list above contains

        • Enhanced Recording Permission Controls for Zoho Cliq Meetings (Similar to Zoom)

          Hello Zoho Cliq Team, We hope you are doing well. We would like to request an enhancement to the recording permission functionality in Zoho Cliq Meetings. Current Limitation: in Zoho Cliq Only hosts and co-hosts can record a meeting. Participants cannot

        • Phone Connection

          When on a call the person on the other end complains that there is static, I am cutting in and out or they can't hear me all. This happens on the cell connection as well.

        • Ability to Edit YouTube Video Title, Description & Thumbnail After Publishing

          Hi Zoho Social Team, How are you? We would like to request an enhancement to Zoho Social that enables users to edit YouTube video details after the video has already been published. Your team confirmed that while Zoho Social currently allows editing the

        • Can't add a sender adress from zoho campaigns

          hi, I need to change the sender address for a campaign.  When i try to add it i get a message to say 'duplicated email address found while adding your sender address'.  This is the first campaign i'm sending so I don't understand why this message is displayed? Thanks Jane 

        • Zoho CRM Portal Field Level Permission Issue

          Hi Support Team, I am using the Zoho CRM Portal and configuring field-level editing permissions. However, we are unable to restrict portal users from editing certain fields. We have created a portal and provided View and Edit (Shared Only) access for

        • Admin asked me for Backend Details when I wanted to verify my ZeptoMail Account

          Please provide the backend details where you will be adding the SMTP/API information of ZeptoMail Who knows what this means?

        • This domain is not allowed to add. Please contact support-as@zohocorp.com for further details

          I am trying to setup the free version of Zoho Mail. When I tried to add my domain, theselfreunion.com I got the error message that is the subject of this Topic. I've read your other community forum topics, and this is NOT a free domain. So what is the

        • This user is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details

          Hello, Just signed up to ZOHO on a friend's recommendation. Got the TXT part (verified my domain), but whenever I try to add ANY user, I get the error: This user is not allowed to add in Zoho. Please contact support-as@zohocorp.com for further details I have emailed as well and writing here as well because when I searched, I saw many people faced the same issue and instead of email, they got a faster response here. My domain is: raisingreaderspk . com Hope this can be resolved.  Thank you

        • Need Faster Help? Try Live Chat Support

          Hello there, We understand that sometimes, whether you’re facing an issue, exploring a feature, or need quick clarification, sending an email and waiting for a response just doesn’t cut it. You need answers, and you need them now. That’s exactly why we

        • Export History timeline

          Hi, I have an idea, bout zoho desk history of the ticket it would be great if the agent or admin of the zoho desk can export the timeline of the ticket history for agent report or on other matter.

        • Desk fails to create a new ticket on Reply email

          When I send a direct email to support@mysite.com, Desk will create a new ticket as expected. When I REPLY to an email sent from support@mysite.com, Desk will NOT generate a new ticket. This is very bad. How can I fix this? Use case: In a separate system

        • Condition based aggregate fields in subforms

          Hello everyone, We're excited to inform you about the latest enhancements made to our aggregate field capabilities in subforms; create aggregate fields based on conditions! An aggregate field is a column on which a mathematical function has been applied.

        • Ask the Experts 25: Experience the full spectrum of Zoho Desk’s autumn and spring releases for 2025

          Hello Everyone, We’re on the 25th episode of our ATE series! It's a true milestone in our live community interactions! It’s been an amazing journey since we started in October 2018. Zoho Desk has come a long way, evolving with the support of a wonderful

        • Addin Support in Zoho Sheet

          Is there any addin support available in zoho sheet as like google marketplace to enhance productivity by connecting with other apps, providing AI data analysis, streamlining business processes, and more?

        • Mass Update of Lookup Fields not possible

          Hello List I've created a custom field for Leads and Contacts 'Current Campaign'. This is very Handy as I can filter leads and then related them to a campaign. Everything ready, but then I realized that mass update doesn't work for lookup fields... a

        • Zoho Books | Product updates | November 2025

          Hello users, We’ve rolled out new features and enhancements in Zoho Books. From translating email notification templates to the new transaction locking restrictions, explore the updates designed to enhance your bookkeeping experience. Making Tax Digital

        • Function #61: Automatically add free item to the invoice based on item quantity

          Hello everyone, and welcome back to another Custom Function Friday! During holiday seasons or special promotions, businesses offer deals like BOGO (Buy One, Get One), Buy 3 Get 1 Free, Buy 2 at 50% off, and much more to attract customers. These promotions

        • TArgets To Accounts (Modules)

          How can i set sale target to Customers (Accounts Module)

        • Profit on Sales order

          Hi, would it be possible to implement a column at the Sales order overview of Purchase amount? So a field with the amount of all purchase related to this Sales order? This is very usefull so you will see the profit you made on this deal. I tried to get

        • Notes for Items for Future Purchase Order

          Next time when I order an item, tau have to make some changes in it, that order has to be placed after 4-5 months, I want to save those changes or points somewhere in the item, how will that be possible..

        • Schemes of different tyoe

          How can easily apply hourly, day wise or month wise  schemes on Bill, Quantity, and other schemes. Like I want to apply a scheme  Form today to next 7 days .where i can mention in zoho books so scheme will implement automatically to all customers and

        • Alphabetically

          How can i arrange alphabetically - (Manage Manufacturer) Field in Item Master 

        • Clients not receiving emails

          I've been informed that my emails are not being received. Is there anything that I should look into to rectify this? Many thanks!

        • Custom validation in CRM schema

          Validation rules in CRM layouts work nicely, good docs by @Kiran Karthik P https://help.zoho.com/portal/en/kb/crm/customize-crm-account/validation-rules/articles/create-validation-rules I'd prefer validating data input 'closer to the schema'

        • Next Page