Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Sweet32: Birthday attack on 64-bit block cipher - Withdrawal of 3DES cipher support for all Zoho services - 31/01/2017

Zoho always tries to provide utmost security and privacy to our users and here is one such instance. This is about removing weak and insecure ways to access our platform and strengthening it based on industry standard recommendations from time to time.


3DES,  a 64-bit block cipher,  is one of the algorithms used for encryption. These block ciphers, with short block size, are vulnerable to a type of  cryptographic attack, known as the Birthday Attack. Due to this vulnerability, all Zoho services will stop extending support to 3DES from January 31, 2017.


After Zoho disables 3DES cipher, any communication with a Zoho service will need to use AES (128/256) cipher for encryption. All modern browsers/clients and operating systems support robust algorithms like AES. In order to avoid issues connecting with Zoho services, we advice our users to stay up-to-date and update to such latest systems.


1) Internet Browsers:

We monitored our traffic and observed that around 98% of users connecting via 3DES are using IE on Windows XP or Windows 2003 server. These legacy systems do not support AES based ciphers by default. As these systems are no longer supported by its vendor, we  recommend our customers to upgrade their OS or at least use latest   browsers like Firefox/Chrome.

 

2) API Integrations:
If your APIs use 3DES cipher to access Zoho's Applications, please update your API to connect via AES(126,256). Refer the following to set the cipher suite for the language you are using:

 

Java     - Set the cipher suite in javax.net.ssl.SSLSocket.

Ruby    - Set the preferred cipher suite in OpenSSL::SSL::SSLContext

PHP     -  Set CURLOPT_SSL_CIPHER_LIST to a list cipher suites that uses AES for encryption to your Curl options.

Python - Set the cipher suite in SSLContext.set_ciphers.

c#        - Use CipherAlgorithmType AES.

 

You can also refer SSLLabs to check whether you will be affected by this measure. Do get in touch  with the respective Zoho product team in c ase you have any queries.
Take  these measures right away so that you are not affected by this attack.  To know more about the sweet32 vulnerability, refer : https://sweet32.info/


      • Sticky Posts

      • Thanksgiving 2022 - Celebrating Zoho Community SuperBuds

        One of the things we love most about our Zoho User Community is how readily our users help each other out, and share their Zoho and business knowledge. Be it the community forums, the virtual and in-person meetups, or Zoholics, it's been heart-warming

      • ZOHO-20 to fight COVID-19

        While the world economy is taking a hit, we, at Zoho, are doing our bit to help small businesses come out of this crisis. Here are all the programs and packages offered by Zoho to fight Covid-19. 1. ESAP: The Small Business Emergency Subscription Assistance Program (ESAP) gives our severely impacted small business customers access to Zoho software they currently use, free for three months. All Zoho customers with 25 employees or fewer who have been severely impacted by the coronavirus-related downturn

      • ​Issues with Forum posts approval in Zoho Community

        Hi All, Issue: Some of you have reported that the posts/comments made today are going for moderation. The issue started few hours ago, and the behaviour was reported in CRM and Creator Forums by a few customers/partners. We were able to see the same problem in a few other product forums too. How it impacts you: Don't worry if you find that your posts and comments are stuck in moderation. Your posts/comments are safe. Please don't duplicate them. We're keeping a tab on the development and approving

      • Severity high! Please change the URL of published forms.

        We are facing some issues with our domain zohopublic.com, as it has been blocked by our registrar. We are diligently working with them to resolve the issue. As an interim measure, we request you to use zohopublic1.com, instead. If you are using Zoho Creator or Zoho Forms, please edit the embed code and change the domain to creator.zohopublic1.com for Zoho Creator and forms.zohopublic1.com for Zoho Forms. If you are using Zoho Survey, you will have to re-send the survey link to the participants. We

        • Recent Topics

        • Multiple organizations under Zoho One

          Hello. I have a long and complicated question. I have a Zoho One account and want to set it up to serve the needs of 6 organizations under the same company. Some of the Zoho One users need to be able to work in more than 1 organization’s CRM and other

        • Unbundle feature for composite items

          We receive composite items from our vendors and sell them either individually or create other composite items out of them. So, there is a lot of bundling and unbundling involved with our composite items. Previously, this feature was supported in form

        • Regarding the integration of Apollo.io with Zoho crm.

          I have been seeing for the last 3 months that your Apollo.io beta version is available in Zoho Flow, and this application has not gone live yet. We requested this 2 months ago, but you guys said that 'we are working on it,' and when we search on Google

        • workflow not working in subform

          I have the following code in a subform which works perfectly when i use the form alone but when i use the form as a subform within another main form it does not work. I have read something about using row but i just cant seem to figure out what to change

        • Fetch data from another table into a form field

          I have spent the day trying to work this out so i thought i would use the forum for the first time. I have two forms in the same application and when a user selects a customer name from a drop down field and would like the customer number field in the

        • Record comment filter

          Hi - I have a calendar app that we use to track tasks. I have the calendar view set up so that the logged in user only sees the record if they are assigned to the task. BUT there are instances when someone is @ mentioned in the record when they are not

        • How to View Part Inventory and Warehouse Location When Creating a Work Order in Zoho FSM

          Hi everyone, We’re currently setting up Zoho FSM and would like to improve how our team selects parts when creating a Work Order. Right now, when we add a part or item to a Work Order, we can select it from our Zoho Inventory list but we don’t see any

        • FSM too slow today !!

          Anybody else with problem today to loading FSM (WO, AP etc.)?

        • Not able to Sign In in Zoho OneAuth in Windows 10

          I recently reset my Windows 10 system, after the reset when I downloaded the OAuth app and tried to Sign In It threw an error at me. Error: Token Fetch Error. Message: Object Reference not set to an instance of an object I have attached the screenshot

        • Mapping a custom preferred date field in the estimate with the native field in the workorder

          Hi Zoho, I created a field in the estimate : "Preferred Date 1", to give the ability to my support agent to add a preferred date while viewing the client's estimate. However, in the conversion mapping (Estimate to Workorder), I'm unable to map my custom

        • Is there a way to request a password?

          We add customers info into the vaults and I wanted to see if we could do some sort of "file request" like how dropbox offers with files. It would be awesome if a customer could go to a link and input a "title, username, password, url" all securely and it then shows up in our team vault or something. Not sure if that is safe, but it's the best I can think of to be semi scalable and obviously better than sending emails. I am open to another idea, just thought this would be a great feature.  Thanks,

        • Single Task Report

          I'd like a report or a way to print to PDF the task detail page. I'd like at least the Task Information section but I'd also like to see the Activity Stream, Status Timeline and Comments. I'd like to export the record and save it as a PDF. I'd like the

        • Auto-response for closed tickets

          Hi, We sometimes have users that (presumably) search their email inbox for the last correspondence with us and just hit reply - even if it's a 6 month old ticket... - this then re-opens the 6 month old ticket because of the ticket number in the email's subject. Yes, it's easy to 'Split as new Ticket', but I'd like something automated to respond to the user saying "this ticket has already been resolved and closed, please submit a new ticket". What's the best way to achieve this? Thanks, Ed

        • How to Push Zoho Desk time logged to Zoho Projects?

          I am on the last leg of my journey of finally automating time tracking, payments, and invoicing for my minutes based contact center company - I just have one final step to solve - I need time logged in zoho desk to add time a project which is associated

        • Cannot access KB within Help Center

          Im working with my boss to customize our knowledge base, but for some reason I can see the KB tab, and see the KB categories, but I cannot access the articles within the KB. We have been troubleshooting for weeks, and we have all permissions set up, customers

        • Export to excel stored amounts as text instead of numbers or accounting

          Good Afternoon, We have a quarterly billing report that we generate from our Requests. It exports to excel. However if we need to add a formula (something as simple as a sum of the column), it doesn't read the dollar amounts because the export stores

        • why my account is private?

          when i post on zohodesk see only agent only

        • Getting ZOHO Invoice certified in Portugal?

          Hello, We are ZOHO partners in Portugal and here, all the invoice software has to be certified by the government and ZOHO Invoice still isn´t certified. Any plans? Btw, we can help on this process, since we have a client that knows how to get the software certified. Thank you.

        • 500 Internal Server Error

          I have been trying to create my first app in Creator, but have been getting the 500: Internal Server Error. When I used the Create New Application link, it gave me the error after naming the application. After logging out, and back in, the application that I created was in the list, but when I try to open it to start creating my app, it gives me the 500: Internal Server Error. Please help! Also, I tried making my named app public, but I even get the error when trying to do that.

        • Client Script | Update - Client Script Support For Portals

          Dear All! We are excited to announce the highly anticipated feature: Client Script support for Portals. We understand that many of you have been eagerly awaiting this enhancement, and we are pleased to inform you that this support is now live for all

        • Professional Plan not activated after payment

          I purchased the Professional Plan for 11 users (Subscription ID: RPEU2000980748325) on 12 September 2025, and the payment has been successfully processed. However, even after more than 24 hours, my CRM account still shows “Upgrade” and behaves like a

        • Auto Update Event Field Value on Create/Edit

          Hi there, I know this question has been posted multiple times and I've been trying many of the proposed similar scripts for a while now but nothing seems to work... what might I do wrong? The error I receive is this: Value given for the variable 'meetingId'

        • Pre-orders at Zoho Commerce

          We plan to have regular producs that are avaliable for purchase now and we plan to have products that will be avaliable in 2-4 weeks. How we can take the pre-orders for these products? We need to take the money for the product now, but the delivery will

        • Payroll and BAS ( Australian tax report format )

          Hello , I am evaluating Zoho Books and I find the interface very intuitive and straight forward. My company is currently using Quickbooks Premier the Australian version. Before we can consider moving the service we would need to have the following addressed : 1.Payroll 2.BAS ( business activity statement ) for tax purposes 3.Some form of local backup and possible export of data to a widely accepted format. Regards Codrin Mitin

        • Problem with Email an invoice with multiple attachments using API

          I have an invoice with 3 attachments. When I send an email manually using the UI, everything works correctly. I receive an email with three attachments. The problem occurs when I try to initiate sending an email using the API. The email comes with only

        • Page Layouts for Standard Modules like CRM

          For standard modules like quotes, invoices, purchase orders, etc, it would be a great feature to be able to create custom page layouts with custom fields in Zoho Books similar to how you can in Zoho CRM. For example, and my current use case, I have a

        • Non-depreciating fixed asset

          Hi! There are non-depreciable fixed assets (e.g. land). It would be very useful to be able to create a new type of fixed asset (within the fixed assets module) with a ‘No depreciation’ depreciation method. There is always the option of recording land

        • Fixed asset management

          I want to know if there is any individual module for fixed assets management

        • One time sale item in billing automatically detects as service

          if i have some items which i don't want to add in my "item" list because its sold only for one time. but when i type item name in invoice, it (system) automatically takes it as a service and despite of HSN , it shows SAC code to be entered. if its selectable i.e. either item or service , it would be very helpful and a must have feature.

        • Project template after project creation

          How can I apply a project template AFTER the project has been created?

        • convert the project to templet

          i have some deployment ME product for different customer , i need to create a fixed template for use it rather then keeping creating this template every time

        • Related Module in Sharing Rules

          Zoho CRM team recently added the feature to filter records by Related Records It will be really beneficial if we can have this feature for Sharing Rules as well

        • Assignment Thresholds Resetting After Lead Conversion

          Hello everyone, We're facing an issue with Zoho CRM's lead assignment thresholds that makes them unsuitable for our workflow. I'm hoping to find a potential workaround or solution from the community. Here’s our current process: A new lead is created automatically

        • Territory view for custom modules?

          I have recently activated territories however I can't seem to find how to use territories for custom modules? These modules have territories:  Contacts /  Accounts / Opportunities These modules don't have territories:   Buildings (custom module) and 

        • Approval Process Comments

          Is it possible to view the comments entered during the approval or rejection of a record in the approval process? If not, is there a way to require a field to be completed upon approval or rejection?

        • Login for test case

          Had a few questions regarding authentication test cases and couldn't find an answer in the the docs. 1. If an app like Zoho Creator requires authentication before providing access, do I need to create a login function and add it to each test case? 2.

        • Customer members area

          Does FSM support a customer members area? If not what do you propose we use if we want the data used in FSM for customers to give them an area / login to see past orders, create new orders and general announcements.

        • Notes created in mobile can no longer be accessed in desktop

          Working with a 2013 Mac running OS 10.14.6; Desktop Notebook version 4.5.3. Using Motorola Moto G Power 5G - 2024; Android app version 6.7 I have been using Notebook for some years. Starting several weeks ago, the notes newly created ion the phone can

        • Function #49: Manage varying installment payments using Zoho Books

          . Hello everyone, and welcome back to our series! Last week, we discussed automating the collection of fixed installment payments in Zoho Books. But what if your payment structure involves charging varying percentages of the invoice total as installments?

        • Is it possible for contacts to "Re-enter" a workflow in Zoho Campaign?

          We are currently working on a way to automatically add users to from one list to other lists based on specific criteria, but can't seem to find a native way of doing this so we are trying to use Workflows to do this. So, for example, if a user's status is set to "Active," then they should be added to the list "Active Users." If the same user's status is then set to "Paused," they should be added to the list "Paused Users" and removed from the list "Active Users." This works fine for the first go

        • Next Page