Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

POODLE - Bye Bye SSL 3.0

  • 15-10-2014 3:16am
    #1
    Closed Accounts Posts: 1,260 ✭✭✭


    Another pillar of online security falls.
    Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz (also Googlers).

    SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

    Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

    Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly.

    In the coming months, we hope to remove support for SSL 3.0 completely from our client products.

    Thank you to all the people who helped review and discuss responses to this issue.
    Lots more info.


Comments

  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    Disabling SSL3.0 is not always possible (e.g. routers) but for websites and servers that support TLS 1.x it is highly recommend to enforce those protocols.


  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    Chrome users that just want to get rid of SSLv3 can use the command line flag --ssl-version-min=tls1 to do so. (We used to have an entry in the preferences for that but people thought that “SSL 3.0” was a higher version than “TLS 1.0” and would mistakenly disable the latter.)

    In Firefox you can go into about:config and set security.tls.version.min to 1.

    I expect that other browser vendors will publish similar instructions over the coming days.


  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    Chrome users that just want to get rid of SSLv3 can use the command line flag --ssl-version-min=tls1 to do so. In Firefox you can go into about:config and set security.tls.version.min to 1.

    I expect that other browser vendors will publish similar instructions over the coming days.


  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    Chrome users that just want to get rid of SSLv3 can use the command line flag --ssl-version-min=tls1 to do so. In Firefox you can go into about:config and set security.tls.version.min to 1.

    I expect that other browser vendors will publish similar instructions over the coming days.

    You want to test your browser for this vulnerability?

    Check this out: www poodletest dot com

    Fabio
    @fcerullo


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    fcerullo wrote: »
    Disabling SSL3.0 is not always possible (e.g. routers) but for websites and servers that support TLS 1.x it is highly recommend to enforce those protocols.

    Correct me if Im wrong. If I have a slew of devices such as routers, web servers etc, I'm not actually vulnerable to poodle, I should just disable support for SSLv3 because its the nice thing to do, right?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 744 ✭✭✭goose06


    Just checked www.poodletest.com on my phone, HTC One.
    Chrome is not vulnerable but the built in browser is, you'd have thought they'd have shared the info internally to get a fix in place.


  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    hi skylops... if your devices are using SSL3.0, then you are vulnerable to POODLE.


  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    Goose, that's interesting.. what is the default browser on the HTC One?


  • Registered Users, Registered Users 2 Posts: 744 ✭✭✭goose06


    fcerullo wrote: »
    Goose, that's interesting.. what is the default browser on the HTC One?

    Thinking about it it's actually the stock HTC browser and not anything to do with google, my mistake :o


  • Registered Users, Registered Users 2 Posts: 51,054 ✭✭✭✭Professey Chin


    goose06 wrote: »
    Thinking about it it's actually the stock HTC browser and not anything to do with google, my mistake :o

    Think that's still based on the AOSP Browser that's been pretty much ignored since chrome became default


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    fcerullo wrote: »
    hi skylops... if your devices are using SSL3.0, then you are vulnerable to POODLE.
    He's not vulnerable, it's clients using SSL 3 that are, hence asking about disabling it as being the nice thing to do.


  • Registered Users, Registered Users 2 Posts: 51,054 ✭✭✭✭Professey Chin


    Blowfish wrote: »
    He's not vulnerable, it's clients using SSL 3 that are, hence asking about disabling it as being the nice thing to do.

    But if the device is still compatible then a malicious client can force the protocol to downgrade and use SSL 3.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    fcerullo wrote: »
    hi skylops... if your devices are using SSL3.0, then you are vulnerable to POODLE.

    Are you sure about that? Rob Graham from Errata Security says:
    Heartbleed and Shellshock allowed hacks against servers (meaning websites and such). POODLE allows hacking clients (your webbrowser and such). If Hearbleed/Shellshock merited a 10, then this attack is only around a 5.

    http://blog.erratasec.com/2014/10/some-poodle-notes.html#.VD5SDESqthE

    He goes on to say:
    “This attack is really against clients—you have to worry about it if you’re in a place like Starbucks,” says Rob Graham, CEO of Erratasec. “If you’re at home there’s probably no one man-in-the-middling you except the NSA. So as a home user, you don’t need to panic. As a server [administrator], you probably don’t need to panic if your customers are coming in over home connections. Only if they’re coming in over [something like] a Starbucks Wi-Fi.”
    But if the device is still compatible then a malicious client can force the protocol to downgrade and use SSL 3.

    I understand that, but what/how is my server vulnerable?


  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    Say you have a web server that supports SSL3.0 & TLS 1.x and you install an SSL certificate on it.

    Any client that connects with IE6 for example will be downgraded to SSL3.0 to perform the SSL handshake.

    Any client that connects with latest browsers will negotiate the SSL handshake using TLS 1.x.

    However, the POODLE attack will attempt to downgrade the latest browsers to SSL3.0.

    And when that happens, anyone on the same network will be able to sniff your traffic.

    So, although this problem affect ultimately clients, it is originated on the servers.

    If you disable SSL3.0 on the servers, no client will be able to use that protocol.

    I wrote an article on what you could do as an end-user and sys admin here:

    www dot cycubix dot com /?p=132

    Your comments are welcome.

    Fabio


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Say you have a web server that supports SSL3.0 & TLS 1.x and you install an SSL certificate on it.

    Any client that connects with IE6 for example will be downgraded to SSL3.0 to perform the SSL handshake.

    Any client that connects with latest browsers will negotiate the SSL handshake using TLS 1.x.

    However, the POODLE attack will attempt to downgrade the latest browsers to SSL3.0.

    And when that happens, anyone on the same network will be able to sniff your traffic.

    So, although this problem affect ultimately clients, it is originated on the servers.

    I get that it originates on the servers and so, the nice thing to do would be disable ssl3, but I don't care about anyone else, I just care about my webservers. Is there any effect to them by not disabling SSLv3?


  • Registered Users, Registered Users 2 Posts: 52 ✭✭fcerullo


    There is a risk for your users when visiting your webservers to disclose their credentials on a public network.

    Fabio


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    fcerullo wrote: »
    There is a risk for your users when visiting your webservers to disclose their credentials on a public network.

    Fabio

    Thats what I was getting at. If I solely care about my infrastructure, and not the users, I can take several things off my to-do list by not removing SSLv3 support.

    This is a theoretical scenario as I personally manage only a couple of servers all with SSH and nothing else. Its just I had a to shout down a security advisory earlier today saying "Patch your critical hardware now before the sky falls!".


Advertisement