Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Zoho always tries to provide utmost security and privacy to our users and here is one such instance. This is about removing weak and insecure ways to access our platform and strengthening it based on industry standard recommendations from time to time.


3DES,  a 64-bit block cipher,  is one of the algorithms used for encryption. These block ciphers, with short block size, are vulnerable to a type of  cryptographic attack, known as the Birthday Attack. Due to this vulnerability, all Zoho services will stop extending support to 3DES from January 31, 2017.


After Zoho disables 3DES cipher, any communication with a Zoho service will need to use AES (128/256) cipher for encryption. All modern browsers/clients and operating systems support robust algorithms like AES. In order to avoid issues connecting with Zoho services, we advice our users to stay up-to-date and update to such latest systems.


1) Internet Browsers:

We monitored our traffic and observed that around 98% of users connecting via 3DES are using IE on Windows XP or Windows 2003 server. These legacy systems do not support AES based ciphers by default. As these systems are no longer supported by its vendor, we  recommend our customers to upgrade their OS or at least use latest   browsers like Firefox/Chrome.

 

2) API Integrations:
If your APIs use 3DES cipher to access Zoho's Applications, please update your API to connect via AES(126,256). Refer the following to set the cipher suite for the language you are using:

 

Java     - Set the cipher suite in javax.net.ssl.SSLSocket.

Ruby    - Set the preferred cipher suite in OpenSSL::SSL::SSLContext

PHP     -  Set CURLOPT_SSL_CIPHER_LIST to a list cipher suites that uses AES for encryption to your Curl options.

Python - Set the cipher suite in SSLContext.set_ciphers.

c#        - Use CipherAlgorithmType AES.

 

You can also refer SSLLabs to check whether you will be affected by this measure. Do get in touch  with the respective Zoho product team in c ase you have any queries.
Take  these measures right away so that you are not affected by this attack.  To know more about the sweet32 vulnerability, refer : https://sweet32.info/


      • Sticky Posts

      • Thanksgiving 2022 - Celebrating Zoho Community SuperBuds

        One of the things we love most about our Zoho User Community is how readily our users help each other out, and share their Zoho and business knowledge. Be it the community forums, the virtual and in-person meetups, or Zoholics, it's been heart-warming

      • ZOHO-20 to fight COVID-19

        While the world economy is taking a hit, we, at Zoho, are doing our bit to help small businesses come out of this crisis. Here are all the programs and packages offered by Zoho to fight Covid-19. 1. ESAP: The Small Business Emergency Subscription Assistance Program (ESAP) gives our severely impacted small business customers access to Zoho software they currently use, free for three months. All Zoho customers with 25 employees or fewer who have been severely impacted by the coronavirus-related downturn

      • ​Issues with Forum posts approval in Zoho Community

        Hi All, Issue: Some of you have reported that the posts/comments made today are going for moderation. The issue started few hours ago, and the behaviour was reported in CRM and Creator Forums by a few customers/partners. We were able to see the same problem in a few other product forums too. How it impacts you: Don't worry if you find that your posts and comments are stuck in moderation. Your posts/comments are safe. Please don't duplicate them. We're keeping a tab on the development and approving

      • Severity high! Please change the URL of published forms.

        We are facing some issues with our domain zohopublic.com, as it has been blocked by our registrar. We are diligently working with them to resolve the issue. As an interim measure, we request you to use zohopublic1.com, instead. If you are using Zoho Creator or Zoho Forms, please edit the embed code and change the domain to creator.zohopublic1.com for Zoho Creator and forms.zohopublic1.com for Zoho Forms. If you are using Zoho Survey, you will have to re-send the survey link to the participants. We

        • Recent Topics

        • Zoho Writer to Zoho Sign Template Misalignment – Request for Community

          We are currently facing a critical issue impacting our live business operations due to a misalignment problem between Zoho Writer templates and Zoho Sign output. Issue Summary: We have an automated workflow in Zoho CRM using Deluge scripts that generates

        • Account blocked

          Yesterday I got my Zeptomail account blocked due to too many hard bounces. My account is used exclusively for sending transactional emails (eg. your order has been shipped, a form has been filled, etc) and the sudden blocking impacted hundreds of websites

        • Migration Tool Download

          Since apparently you have to ask for the migration tool to download (why?), I need the download for the migration tool for exchange servers. Please forward link, thanks.

        • IF Formula

          Hi, I'm having trouble setting up a custom formula in a field. Can you help me with it? The formula should do the following: If the created date is less or equal to 30 days the field should display a string New in pieline or Exisitng pipeline if above

        • Autorespond to one specific sender

          Is there any way to create a rule or filter that sends an automatic reply to messages from one specific email address?  I really need to set up something like a "vacation response" but only for one "received from" address.

        • View comprehensive logs of all actions in Custom Module History

          Hello everyone, We are happy to announce our new feature, Detail View in Custom Module History, which enhances visibility, control and accountability over your records. Users can now access a detailed timeline of every action that has been performed on

        • Track ZohoForm Conversion using Postmessage event

          Hi, I’ve been using a third-party lead tracking tool to capture leads from my website along with their source. Earlier, with the HubSpot form, the third-party script was able to detect the postMessage event that iframe forms typically send back to the

        • Email task creator when task is updated/marked complete

          I am looking for a way to notify the creator of a task in zoho todo when - Task is updated Task is closed Comments entered 1 and 2 are critical, and I cannot find a zoho flow to do this. There is no way that as a manager I will know when someone has completed

        • Email Recall Feature In Zoho Mail Which Should Also Work For Outside Organisation Members

          Add a feature to recall or undo sending an email within a configurable short time window (e.g., 30 seconds to 2 minutes) after hitting send, similar to Gmail’s undo send. Currently the sent email can not be recall If the recipient is not from within your

        • How to implement calculating average value of averaged values?

          Hi, I'm trying to implement a formula in my layout for a module that calculates the average of 2 averaged values, but I can't do so using the formula custom field. To calculate the 2 averaged values, I could use the formula custom field, but in the custom

        • Zoho Recruit update published job boards

          If we have a job thats already posted on several different job boards and we edit this job in zoho recruit (e.g. the description of the job), does this then automatically update this new information to all the published job boards?  If not, how does the

        • Narrative 14: The magic bazaar of Desk

          Behind the scenes of a successful ticketing system: BTS Series Narrative 14: The magic bazaar of Desk Marketplace is a centralized platform where users can discover Zoho and third-party applications that can be integrated with their Desk account to facilitate

        • Collections Management: #2 Late Payment Automation

          "Sir, I'll process the payment by evening, please don't apply any late payment charges", the customer said while arranging papers on his desk. Sanjay stood there with a tired smile. He had already visited twice that week. Payment collection was one thing.

        • Create a table in the layout section of modules

          Dear Sirs, I would like to know whether is possible to create a table under new fields in layouts section of modules. In fact in this section there are single line, multi line, pick list, multi-select, date, formula etc. but I am unable to add a table

        • Nimble enhancements to WhatsApp for Business integration in Zoho CRM: Enjoy context and clarity in business messaging

          Dear Customers, We hope you're well! WhatsApp for business is a renowned business messaging platform that takes your business closer to your customers; it gives your business the power of personalized outreach. Using the WhatsApp for Business integration

        • Power of Automation :: Automatic Task Status Handling for Users

          Hello Everyone, A custom function is a software code that can be used to automate a process and this allows you to automate a notification, call a webhook, or perform logic immediately after a workflow rule is triggered. This feature helps to automate

        • Question - why no way to input a 'tool description' and 'tree of 'tools'

          Every business is different, with different business processes. To be truly useful Zoho MCP needs to have user editable tool descriptions (or ruleset) and a 'tool tree' so that the LLM is context aware when being used. For example, the tool description

        • Develop Zoho Meeting as a Full Native Application (Not a Browser Wrapper)

          Hello Zoho Meeting Team, Hope you are doing well. We would like to suggest an important improvement regarding the Zoho Meeting desktop application. At the moment, the Zoho Meeting app feels more like a mini browser window or an iframe that loads the web

        • Can I create a custom function for chart of accounts?

          I'm trying to add a custom function that should run whenever a record in the Chart of Accounts module is edited, but on the form for creating a new function, the module dropdown does not include the chart of accounts as an option.

        • billing

          hi, I am being billed $12/year, and I can't remember why. My User ID is 691273115 Thanks for your help, --Kitty Pearl

        • Automatic Matching from Bank Statements / Feeds

          Is it possible to have transactions from a feed or bank statement automatically match when certain criteria are met? My use case, which is pretty broadly applicable, is e-commerce transactions for merchant services accounts (clearing accounts). In these

        • Unable to confirm Super Admin assignment — confirmation button not working

          I’m trying to change the roles within my organization. I am currently a super admin and would like to add another user as a super admin. When I attempt to confirm the action, a screen appears asking for my password to verify my identity. However, when

        • Automation#36: Auto-create time-entry after performing the Blueprint transition

          Hello Everyone, This week’s edition focuses on configuring a custom function within Zoho Desk to streamline time tracking within the Blueprint. In this case, we create a custom field, and request the agent to enter the spending time within the single

        • Feature Request: Reviews

          Any chance we could get a "Reviews" element to put on sites? It should be extremely simple to do. Basically just take the comments box and add an option for a star rating. At the very least, it would be nice to have more customization options for the comment box so the text could be changed from "Comments" to "Reviews". I've looked at a bunch of embeddable review widgets but nothing meets my needs so this would be a great feature to have added to the site builder.

        • Can we handle a support like (incident management) project in Zoho Projects?

          Hi, I have a new profile of a project whereby we provide "ticket" base support to a client. They have a request and ideally we would handle comms via a email exchange logged in Zoho. Today we use Zoho Projects for all out projects, which means that we

        • Trying to show the actual Terms & Conditions on PDF

          Hi, On Zoho forms I am trying to have the actual terms and conditions that the user needs to accept also show on the pdf that they receive after. Right now it only says "Agreed". Please help.

        • Installing EMAIL Setup in New Domain

          Respected Support team, I'm facing an issue with cloudflare in Pakistan, I want to setup Zoho Mail Setup but I Don't know how to enable Zoho mail setup without cloudflare. My Website https://stumbleguyzzapk.com/, https://fakservices.com/ is using CF,

        • Enhancements to Zoho Meeting Annotator

          Hello Zoho Meeting Team, Hope you are doing well. We would like to share a few improvement suggestions regarding the Zoho Meeting Annotator used during screen sharing. While the current version provides helpful annotation tools, there are several limitations

        • Zoho Social/Marketing Plus - Addition to "Monitor" function

          It would be very helpful if the Monitor function would allow us to add a column to monitor hashtags in addition to pages and mentions. This is a common and very valuable function in other social listening tools.

        • Zoho forms - > Zoho desk multiple agents

          Hi! I would like to use a standard form to be used when we hiring people, so we looked at zoho forms for that. Now we would like to get that info in to Zoho desk and their different users shall take care of this ticket simultaneous . So, what would be

        • Almacenamiento

          Hola, Quisiera saber como podría hacer para bajar el almacenamiento de 5gb a mis usuarios, en otras palabras los quiero ir limitando de la cuota real, y luego ir agregando poco a poco la cantidad hasta llegar a los 5gb que me dan en el plan free. 

        • Zoho Invoice Now Supports VeriFactu for Businesses in Spain

          Starting from January 1, 2026, Spain requires real-time invoice reporting for all B2B transactions. From July 2026, this requirement will extend to B2C transactions as well. All reporting must be carried out through the VeriFactu to AEAT (Agencia Estatal

        • Will I Get a Refund If I Downgrade Zoho Mail?

          Hello, We upgraded an email account for our new employee. However, the employee left after one month, and now I've reduced the number of Zoho Mail users from 7 to 6. Can we get a refund for the remaining portion of our annual payment?

        • Infinite loop of account verification

          Hi I can't do anything on my zoho account.  I always get this message Hi Sheriffo Ceesay As a security measure, you need to link your phone number with this account and verify it to proceed further. When ever I supply the details, it displays that the number is associated with another account. I don't have any other account on zoho so this is really annoying. 

        • Zoho Billing Now Supports VeriFactu for Businesses in Spain

          Starting from January 1, 2026, Spain requires real-time invoice reporting for all B2B transactions. From July 2026, this requirement will extend to B2C transactions as well. All reporting must be carried out through the VeriFactu to AEAT (Agencia Estatal

        • Introducing the revamped What's New page

          Hello everyone! We're happy to announce that Zoho Campaigns' What's New page has undergone a complete revamp. We've bid the old page adieu after a long time and have introduced a new, sleeker-looking page. Without further ado, let's dive into the main

        • Zoho Books - France

          L’équipe de Zoho France reçoit régulièrement des questions sur la conformité de ses applications de finances (Zoho Books/ Zoho Invoice) pour le marché français. Voici quelques points pour clarifier la question : Zoho Books est un logiciel de comptabilité

        • Name autocomplete

          Hi, During searching emails the web tool does not always propose the auto-completion of the saved emails. As a result I either have to go to contacts and look up the exact email, or the exact full name including the middle name and any dots, which is very annoying. For example I have a contact that I emailed in the past that has "First M. Last" <email@email.com> type of contact. When I start typing 'First' the email may or may not pop up in the autocomplete menu. Then if I start typing "first last"

        • How do i follow up my email campaign in-thread

          Is there a way to follow up the email campaign so that it is in-thread using zoho campaigns? eg customer gets original email with subject line "hello" then 5 days later follow up would be with subject line "RE: hello".

        • Announcing new features in Trident for Mac (1.29.0)

          Hello everyone! Trident for macOS (v1.29.0) is here with new features and enhancements to enhance your business communication. Let's take a quick look at them. Access shared mailboxes. You can now view and access shared mailboxes in Trident, which are

        • Next Page