So yah, it’s been quite a year – not long after Heartbleed and then Shellshock we now have POODLE SSLv3 vulnerability.
Yes, that’s right – POODLE. It is actually an acronym this time though, yay (Padding Oracle On Downgraded Legacy).
Is it a huge risk? Not really as it doesn’t allow any type of remote exploitation, it does however allow for SSLv3 Man-in-the-middle (MITM) attacks though – which is not good. It’s a fundamental design flaw in SSL/TLS which authenticates before encrypting.
Researchers have discovered a security vulnerability in SSL 3.0 that allows attackers to decrypt encrypted website connections.
Miscreants can exploit a weakness in the protocol’s design to grab victims’ secret session cookies. These can be used to log into online accounts, such as webmail, social networks, and so on. The attack is, we’re told, easy to perform, and can be done on-the-fly using JavaScript – provided you can intercept the victim’s packets, perhaps by setting up a malicious Wi-Fi point in a cafe or bar.
SSL is supposed to encrypt your communications, such as your connection to your bank’s website, so eavesdroppers can’t steal or tamper with your sensitive information while it’s in transit. Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Microsoft Internet Explorer.
To fix it in nginx use the following options:
|
1 |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
For Apache:
|
1 |
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 |
Basically, disable SSLv3.
Stats on SSLv3 usage can be found here – POODLE Attack and SSLv3 Support Measurement
CloudFlare also noted only 0.65 percent of the HTTPS encrypted traffic on CloudFlare’s network uses SSL 3. (which is a good sign) and shows this should not have a massively wide spread effect.
Google security bod Bodo Möller explains that snoopers can trigger network faults to push web browsers into using SSL 3.0, an 18-year-old protocol that should have been binned long ago. Ideally, the browser should be using the superior encryption protocol TLS, which does not suffer from the POODLE shortcoming.
“Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue,” Möller said. One simple solution is to stop using SSL 3.0 and instead use TLS only. This applies to web browsers and websites.
Google’s response to the flaw is to scrub SSL 3.0 support from its flagship Chrome browser. Websites and other browsers are also expected to end support for SSL v3 as it’s now considered insecure by design, and instead enforce the use of TLS for HTTPS connections. Google also recommends browsers and web servers use TLS_FALLBACK_SCSV, the Transport Layer Security Signalling Cipher Suite Value that blocks protocol downgrades.
Doing so will be more effective than simply killing off SSL 3.0 support: that’s because using this magic value should prevent all future downgrade attacks. Chrome and Google’s web servers already support TLS_FALLBACK_SCSV, we’re told.
Websites that end support for SSL v3 will become incompatible with older browsers and OSes – particularly Internet Explorer 6 and Windows XP. The POODLE vulnerability could well be the final nail in the coffin for machines stuck on IE6 and XP once major websites stop supporting the legacy insecure protocol.
Firefox has already pushed out an update of their browser with SSLv3 disabled, but only for the nightly build. It will hit the public on November 25th when Firefox 34 is released, their notes are here – The POODLE Attack and the End of SSL 3.0.
There’s a good technical analysis of the flaw here: POODLE attacks on SSLv3
The full paper is here: This POODLE Bites: Exploiting The SSL 3.0 Fallback [PDF]
If you want to check your servers I suggest using this SSL diagnostic tool which will show you what protocols your setup supports:
DigiCert® SSL Installation Diagnostics Tool
It will also point out if you’re using SSLv3.0 and mark you as insecure if you are. A secure setup should return the following:
Protocol Support
TLS 1.2, TLS 1.1, TLS 1.0
Source: The Register
Stuart Nightingale says
Hi,
I used this site to make sure our server are all secure. I found this thread spot on however, as we have Centos, there were a few tweaks.
I had found by editing httpd.conf in /etc/httpd/conf for each VirtualHost (you can set to global but some of the sites we do are not updated on their local network) to add the following:
SSLHonorCipherOrder On
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
worked like a charm and used https://www.poodlescan.com/ to double check.
thank you :)