diff --git a/nselib/tls.lua b/nselib/tls.lua
index a28cd0b7e..ffa4b99ae 100644
--- a/nselib/tls.lua
+++ b/nselib/tls.lua
@@ -1058,6 +1058,13 @@ function cipher_info (c)
 info.size = tonumber(tokens[i])
 end
+ -- block size (bits)
+ if t == "3DES" or t == "RC2" or t == "IDEA" or t == "DES" or t == "FORTEZZA" or t == "DES40" then
+ info.block_size = 64
+ elseif t == "AES" or t == "CAMELLIA" or t == "ARIA" or t == "SEED" then
+ info.block_size = 128
+ end
+
 -- stream ciphers don't have a mode
 if info.cipher == "RC4" then
 info.mode = "stream"
diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index 663fa8f7d..598291be1 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -655,6 +655,9 @@ local function find_ciphers_group(host, port, protocol, group, scores)
 if info.hash and info.hash == "MD5" then
 scores.warnings["Ciphersuite uses MD5 for message integrity"] = true
 end
+ if info.mode and info.mode == "CBC" and info.block_size <= 64 then
+ scores.warnings[("64-bit block cipher %s vulnerable to SWEET32 attack"):format(info.cipher)] = true
+ end
 if protocol == "SSLv3" and info.mode and info.mode == "CBC" then
 scores.warnings["CBC-mode cipher in SSLv3 (CVE-2014-3566)"] = true
 elseif info.cipher == "RC4" then
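Review bot: The new if/elseif in cipher_info leaves `info.block_size` unset for every cipher token outside the two lists, so any consumer that compares the field numerically must nil-check it first; the added comment should state that contract, e.g. `-- block size (bits); nil for stream ciphers and for block ciphers not listed here`. The two long `or` chains would also read better as a single lookup, `local block_bits = {["3DES"]=64, RC2=64, IDEA=64, DES=64, FORTEZZA=64, DES40=64, AES=128, CAMELLIA=128, ARIA=128, SEED=128}` kept as a module-level local, with `info.block_size = block_bits[t]` replacing the branches. The collapsed rendering hides the indentation of the added lines, so whether they sit at the same level as the preceding `info.size` assignment cannot be confirmed here. cipher_info's body starts and ends outside this hunk.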
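Review bot: `info.block_size <= 64` in the new SWEET32 check raises an "attempt to compare nil with number" error whenever cipher_info has not set block_size for a CBC-mode suite, and the tls.lua hunk assigns it for only ten named ciphers; guard it, `if info.mode == "CBC" and info.block_size and info.block_size <= 64 then` (the `info.mode and` prefix is redundant, since `nil == "CBC"` is simply false). Whether any suite in the current cipher table actually reaches that path is not visible in this hunk, but the comparison should not depend on it, because a runtime error here aborts the enumeration for the whole group and hides the other findings. find_ciphers_group starts and ends outside this hunk.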