linerbrown.blogg.se

TLS versions end of life

There is a critical security vulnerability in SSL 3.0 which allows attackers to calculate the plaintext of encrypted connections, and it will likely spell the end of the use of this particular SSL version.

The vulnerability (CVE-2014-3566), discovered by Google security researchers and dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), is in the design of the protocol. The researchers explained in great technical detail why the flaw exists and how it can be exploited, but here it is in short:

The POODLE vulnerability, caused by a weakness in the CBC encryption algorithm used in SSL 3.0, allows a man-in-the-middle attacker to intercept HTTPS traffic between the client and server, and decrypt portions of it (for example, authentication cookies). Given that support for SSL 3.0 remains widespread, an attacker that controls the network between the client and the server can exploit the protocol downgrade dance implemented by many clients in order to force the use of SSL 3.0.

Microsoft points out that the vulnerability is mitigated by the fact that the attacker must make several hundred HTTPS requests before the attack could be successful, but the best option for everyone is to switch to using TLS 1.0, TLS 1.1, or TLS 1.2 instead of SSL 3.0.

“Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today,” noted Bodo Möller, one of the researchers who discovered the vulnerability. “Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.”

Google already supports the TLS_FALLBACK_SCSV fallback on Google Chrome and its servers, and says that it definitely does not create compatibility problems.

SANS ISC CTO Johannes Ullrich also says that the best thing to do is to disable SSL 3.0. “SSLv3 has reached the end of its useful life and should be retired,” he advised. “Give it some time, test it carefully, but get going with it. The other problem is that this is a client and a server issue. Start with the servers for highest impact, but then see what you can do about clients.” To fix the SSL/TLS version selection fallback issue, he also advises implementing the TLS_FALLBACK_SCSV fallback.

If you want to check whether your server or client is vulnerable, SANS ISC offers links to pages that allow you to do it easily.
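As an added illustration (not code from the article), the following Python model shows why the client-side downgrade dance is exploitable and how the two mitigations above stop it: the TLS_FALLBACK_SCSV signaling suite (value 0x5600 and the inappropriate_fallback alert are from RFC 7507) lets a server refuse a retried, weakened ClientHello, and raising the server's minimum version removes SSL 3.0 altogether. Handshakes are abstracted to a ClientHello record; the Server and downgrade_dance names are constructed for this example and no real TLS is spoken.

```python
# Added example, not the article's code: a model of the client "downgrade
# dance" and the TLS_FALLBACK_SCSV check defined in RFC 7507.
from dataclasses import dataclass, field

SSL30, TLS10, TLS11, TLS12 = "SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2"
ORDER = [SSL30, TLS10, TLS11, TLS12]   # ascending strength, index = rank
TLS_FALLBACK_SCSV = 0x5600             # signaling cipher suite value (RFC 7507)
AES128_SHA = 0x002F                    # an ordinary suite every hello offers

@dataclass
class ClientHello:
    version: str
    cipher_suites: list = field(default_factory=lambda: [AES128_SHA])

@dataclass
class Server:
    max_version: str
    min_version: str = SSL30          # SSL 3.0 stays enabled unless raised
    honours_scsv: bool = True
    version_intolerant: bool = False  # legacy bug that made clients add the dance

    def handle(self, hello):
        """Return ("ok", negotiated_version) or ("alert", reason)."""
        rank, top = ORDER.index(hello.version), ORDER.index(self.max_version)
        if rank < ORDER.index(self.min_version):
            return ("alert", "protocol_version")        # e.g. SSL 3.0 disabled
        if rank > top and self.version_intolerant:
            return ("alert", "handshake_failure")       # the bug the dance works around
        if self.honours_scsv and TLS_FALLBACK_SCSV in hello.cipher_suites and rank < top:
            return ("alert", "inappropriate_fallback")  # RFC 7507: refuse the downgrade
        return ("ok", ORDER[min(rank, top)])

def downgrade_dance(server, attacker_drops_above=None, send_scsv=True):
    """Client starts at TLS 1.2 and retries one version lower after each failure.
    attacker_drops_above: a MITM silently drops every hello above this version
    (None = no attacker). Returns the negotiated version or the ending outcome."""
    retrying = False
    for version in reversed(ORDER):
        hello = ClientHello(version)
        if retrying and send_scsv:
            hello.cipher_suites.append(TLS_FALLBACK_SCSV)  # "this hello is a fallback"
        if attacker_drops_above is not None and ORDER.index(version) > ORDER.index(attacker_drops_above):
            retrying = True                                # timeout: client falls back
            continue
        status, detail = server.handle(hello)
        if status == "ok" or detail == "inappropriate_fallback":
            return detail
        retrying = True
    return "no_common_version"
```

With a network attacker dropping everything above SSL 3.0, a client without the SCSV is talked down to SSL 3.0, while a client that sends it is rejected with inappropriate_fallback instead; a version-intolerant legacy server capped at TLS 1.0 still negotiates TLS 1.0, which is the compatibility point Möller makes above.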
