Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Zoho always tries to provide utmost security and privacy to our users and here is one such instance. This is about removing weak and insecure ways to access our platform and strengthening it based on industry standard recommendations from time to time.


3DES,  a 64-bit block cipher,  is one of the algorithms used for encryption. These block ciphers, with short block size, are vulnerable to a type of  cryptographic attack, known as the Birthday Attack. Due to this vulnerability, all Zoho services will stop extending support to 3DES from January 31, 2017.


After Zoho disables 3DES cipher, any communication with a Zoho service will need to use AES (128/256) cipher for encryption. All modern browsers/clients and operating systems support robust algorithms like AES. In order to avoid issues connecting with Zoho services, we advice our users to stay up-to-date and update to such latest systems.


1) Internet Browsers:

We monitored our traffic and observed that around 98% of users connecting via 3DES are using IE on Windows XP or Windows 2003 server. These legacy systems do not support AES based ciphers by default. As these systems are no longer supported by its vendor, we  recommend our customers to upgrade their OS or at least use latest   browsers like Firefox/Chrome.

 

2) API Integrations:
If your APIs use 3DES cipher to access Zoho's Applications, please update your API to connect via AES(126,256). Refer the following to set the cipher suite for the language you are using:

 

Java     - Set the cipher suite in javax.net.ssl.SSLSocket.

Ruby    - Set the preferred cipher suite in OpenSSL::SSL::SSLContext

PHP     -  Set CURLOPT_SSL_CIPHER_LIST to a list cipher suites that uses AES for encryption to your Curl options.

Python - Set the cipher suite in SSLContext.set_ciphers.

c#        - Use CipherAlgorithmType AES.

 

You can also refer SSLLabs to check whether you will be affected by this measure. Do get in touch  with the respective Zoho product team in c ase you have any queries.
Take  these measures right away so that you are not affected by this attack.  To know more about the sweet32 vulnerability, refer : https://sweet32.info/


      • Sticky Posts

      • Thanksgiving 2022 - Celebrating Zoho Community SuperBuds

        One of the things we love most about our Zoho User Community is how readily our users help each other out, and share their Zoho and business knowledge. Be it the community forums, the virtual and in-person meetups, or Zoholics, it's been heart-warming

      • ZOHO-20 to fight COVID-19

        While the world economy is taking a hit, we, at Zoho, are doing our bit to help small businesses come out of this crisis. Here are all the programs and packages offered by Zoho to fight Covid-19. 1. ESAP: The Small Business Emergency Subscription Assistance Program (ESAP) gives our severely impacted small business customers access to Zoho software they currently use, free for three months. All Zoho customers with 25 employees or fewer who have been severely impacted by the coronavirus-related downturn

      • ​Issues with Forum posts approval in Zoho Community

        Hi All, Issue: Some of you have reported that the posts/comments made today are going for moderation. The issue started few hours ago, and the behaviour was reported in CRM and Creator Forums by a few customers/partners. We were able to see the same problem in a few other product forums too. How it impacts you: Don't worry if you find that your posts and comments are stuck in moderation. Your posts/comments are safe. Please don't duplicate them. We're keeping a tab on the development and approving

      • Severity high! Please change the URL of published forms.

        We are facing some issues with our domain zohopublic.com, as it has been blocked by our registrar. We are diligently working with them to resolve the issue. As an interim measure, we request you to use zohopublic1.com, instead. If you are using Zoho Creator or Zoho Forms, please edit the embed code and change the domain to creator.zohopublic1.com for Zoho Creator and forms.zohopublic1.com for Zoho Forms. If you are using Zoho Survey, you will have to re-send the survey link to the participants. We

        • Recent Topics

        • Integration of Phase 2 -e-invoicing- KSA

          Zoho Team, I want to get a training of integration of phase 2 invoicing KSA in zoho step by step.

        • I can not save new invoice

          Hello Now I am trying to save a new invoice but I can not save it because showing unpaid invoice warning which are not overdue. Please let me know how to skip unpaid invoice warning letter and save new invoice. Thank you

        • ADD CONDITIONS FOR FIELD IN ZOHO BOOKS TEMPLATE CUSTOMAZATION

          HELLO I WANT TO ADD CONDITIONS FOR FIELD IN ZOHO BOOKS TEMPLATE CUSTOMAZATION FOR SALES ORDER . I HAVE SET %StatusStamp% IF APPROVAL I WANT THAT TEXT TO BE DISPLAYED WITH GREEN COLOR OTHERWISE OF OTHERR STATUS RED COLOR AS SHOWN IN CODE BELOW . BUT IT

        • Accounting on the Go Series-55: Seamlessly Add New Vendors While Creating Transactions from Scanned Documents

          Hi there! We’ve made handling documents and vendors in Zoho Books even simpler. Now, when you upload a document and scan it, if the app detects a vendor that isn’t already in your organization, you don’t have to leave the page to add them manually. With

        • Accounting on the Go Series-57: Effortlessly Add and Manage Bank Accounts from the Zoho Books Mobile App

          Hi all, Great news for our users in the US and Canada! Managing your finances just got a whole lot easier. Zoho Books has always made it seamless to integrate bank accounts and fetch feeds automatically. Now, we’re taking it up a notch—directly from the

        • Accounting on the Go Series:58-Effortless Compliance: Download XML for Invoices & Credit Notes on Mobile

          Hi there! In Mexico, XML files are crucial for electronic invoicing and fulfilling SAT (Tax Administration Service) requirements. These files ensure your transactions are accurately recorded and tax-compliant. Now, you don’t need to rely on the web app

        • Auto Generated Invoice number YEAR

          Auto Generated Invoice number shows transaction year as 25 even though it's 24 still.

        • Books generiert keine valide XRechnung

          Hallo zusammen, ich möchte hier ein Problem ansprechen, das mir aktuell bei der Nutzung von Books erhebliche Schwierigkeiten bereitet, und hoffe auf Austausch oder Lösungsansätze von anderen Nutzern. Bei der Erstellung von XRechnungen mit Books treten

        • WHEN UPDATE ORGANIZATION INFO OLD INVOICES ALSO CHANGE INVOICING DATA

          Hi We have updated our tax information because we have become a company, up until now we were an individual. The problem is that when updating the data in the zoho books profile all the old invoices change their tax information as well. Is there a way

        • Invoice import error - duplicate customer name column - there are no duplicates

          It is not allowing the importing of any rows because of a duplicate customer name problem, but there are no duplicates in the custoemr name row. Has anyone dealt with this issue before?

        • [WEBINAR][Feb 2025] Automate your entire financial operations from receipts to reconciliation with Zoho Books & Zoho Expense integration

          Hello there, We are hosting a free, live webinar on the importance of travel and expense management solutions for businesses, and how Zoho Expense automatically syncs with Zoho Books to simplify your accounting even further. The webinar is on February

        • Customize Layout

          I am using "Customize Layot" for customize Quotation template but I try to add logo into the header by "%ScaledLogoImage%" code but dont add logo into header. what is problem?

        • Problem - cant add Users (i.e. Zoho one / CRM Users) to BCC or CC in email, i.e. Sales orders or Retainers

          I can go to zoho books email templates, and select any email template, and automatically include any Zoho One user, i.e. member of staff. However in the context of sending an email, it will not let us add a member of staff from the user list, instead

        • UK MTD ITSA

          UK Making Tax Digital for Income Tax I have had notice this is to apply from April 2026. What is Zoho doing about this? I will need to start planning to implement this in the next months so need an update as to what I will and will not be able to do in

        • Partial refunds

          I am trying to process refund for a one item invoice, however the refund is partial: i am getting this error while creating credit note, can anyone share some wisdom about this

        • Zoho Books Roadshows are back in the UAE!

          Hello there, Business owners and accounting professionals of the UAE, we’re coming to your cities! FTA accredited Zoho Books is now officially one of the Digital Tax Integrators in the UAE. With the newly launched direct VAT filing capabilities, we're

        • New user After moving over from QBO

          New user observations/suggestions. QBO took away a lot of features I was used to with the desktop version. Chaos ensued. Zoho Books has a lot of what I was used to and a bit more. Good deal Some things I have run into and suggest some upgrades. 1: The

        • Sole Trader - Financial Advisor (Appointed Representative) - Paid via Capital Account but no Invoicing...

          Hi. I'm about to venture into a new business after 12 months of intensive learning/exams. A little chuffed if I may say so especially at 52! I really like the look of ZoHo Books for my modest enterprise but I'm in need of some guidance, please. My services

        • Multi-Unit Inventory with Flexible Unit Selection (Purchase in One Unit, Sell in Another)

          We need multi-unit inventory management in Zoho Books with the flexibility to choose units (e.g., Box or Piece) at the time of purchase or sale. For example, if 1 Box = 10 Pieces, we should be able to record purchases in Boxes but sell either in Boxes

        • Disputed Purchase Invoices

          We have recently moved to Zoho Books from Sage. In Sage we were able to post a purchase/vendor invoice but mark it as on dispute. This would usually be a pricing query or if something was damaged. It would show in their ledger, so we could agree their

        • No TDS Deduction

          In some of our case, where we are reselling items at the same rate we purchased. In this scenario, Indian IT Law has a provision to request customer not to deduct TDS if the transaction value is same. TDS is paid by us (intermediary reseller) before we

        • CBSA - GST CHARGES on imports

          Hi there, We have a questions about landed cost categorization. We received a shipment from overseas. CBSA invoiced us for the GST on the items. Now we entered the CBSA-GST as a separate bill and attached it as landed cost to the main invoice based on

        • Zoho Books

          How do I manually insert opening balance?

        • Sales order & purchase order item links for item details

          This is fantastic for checking lots of things, I use it a lot. It would be great to see it extended to invoices & bills On another note, may as well throw in my favourite whinge ..... Wish you guys would get the PO receive differences sorted urgently,

        • Bank charges are applied. Please select a bank account.

          Hello, I'm trying to add bank charges to a customer payment, but I get the error message "Bank charges are applied. Please select a bank account." I found this old thread, where it says that I need to "select a Bank account for the 'Deposit To' dropdown

        • How to add receipts

          How to add receipts

        • Support for auto-upgrade in TrueSync (for Windows)

          WorkDrive TrueSync app now supports auto-upgrading to the latest version for Windows OS. You must manually download and install the TrueSync app version 3.4.0 to avail this feature. Download the latest TrueSync app for Windows (version 3.4.0) Supported

        • WorkDrive API Documentation

          WorkDrive provides users and developers an extensive set of APIs to help integrate functionalities of Zoho WorkDrive with other Zoho applications and third-party tools. We have published the official WorkDrive API Documentation page for all external users.

        • March 15, 2023: Zoho Docs is discontinued

          As of today (March 15, 2023) Zoho Docs is discontinued for all users. We would like to thank our customers for trusting us for so many years! Going forward, we're confident you'll enjoy using Zoho WorkDrive for all your advanced file management and collaboration

        • Introducing WorkDrive 4.0: Enhanced productivity. Advanced data administration. (Phase 1)

          Hello All, We're excited to share the release of WorkDrive 4.0, which includes important new features and enhancements focused primarily on productivity, secure collaboration, data administration, integrations, and user experience. Read the official announcement

        • External download link limit

          Can You please help us to understand this For Zoho WorkDrive external users, the download limit is a maximum of 5 GB total download size and a maximum of 50 first-level files and folders What is the meaning of first level? We are using these files in

        • Dynamically catching new file creations

          I have a team folder with many subfolders, and in those folders we add new documents all the time. I'd like to have a workflow or script to notify me (and then take other actions) when a file is added anywhere in that structure that ends in "summary.txt".

        • Rotate an Image in Workdrive Image Editor

          I don't know if I'm just missing something, but my team needs a way to rotate images in Workdrive and save them at that new orientation. For example one of our ground crew members will take photos of job sites vertically (9:16) on his phone and upload

        • Workflow workdrive rollout

          Hi! When will workflow be rolled out to all users? Thanks.

        • Creating and managing a Team Folder using WorkDrive TrueSync

          Hello everyone, Are you tired of constantly switching between your Desktop TrueSync app and the WorkDrive web app to create and manage Team Folders? We’ve made things easier for you. You can now create and manage Team Folders directly within the TrueSync

        • Edit images seamlessly with WorkDrive's built-in Image Editor

          Are you tired of switching between multiple tools just to make simple edits to your images? We understand the hassle, which is why Zoho WorkDrive now comes with a built-in image editing tool, powered by Zoho Annotator. This tool allows you to edit images

        • Supercharge your email workflow with WorkDrive's add-in for Microsoft Outlook

          Consider this: You’re handling a critical project, and your inbox is packed with important attachments, email threads, and client communications. The back-and-forth routine of downloading files to your computer, uploading them to WorkDrive, and manually

        • Secure and promote your content with Custom Watermarking

          Imagine this: You’re a professional photographer who regularly shares your work online with potential clients and collaborators. Recently, you notice that some of your images have been reposted without any credit or permission. This not only impacts your

        • Join us in Singapore for the Zoho WorkDrive User Group meetup!

          Hello, everyone! Exciting news! We'll be hosting an upcoming Zoho WorkDrive user group meetup in the beautiful city of Singapore this November. At this Zoho User Group meetup, we'll guide you through ways to use WorkDrive as a platform and build custom

        • WorkDrive TrueSync now supports ARM64-based Windows devices!

          We’re excited to announce that the Zoho WorkDrive TrueSync app now fully supports Windows devices with ARM64 architecture! Whether you're working on an ARM-based device or an x64 processor, you can now enjoy the same seamless file synchronization experience

        • Next Page