[cabfpub] SSLv3 - Poodle Attack

[Phillip Hallam-Baker]

Lets just tell folk SSL v3 is dead.

I can’t remember when TLS support became ubiquitous but it was old by the time SHA2 was specified.





On Oct 14, 2014, at 7:28 PM, Ben Wilson <ben.wilson at digicert.com> wrote:

> Since I hinted at it earlier today, FWIW here is the news - https://www.openssl.org/~bodo/ssl-poodle.pdf  
>  
> Poodle stands for “Padding Oracle On Downgraded Legacy  Encryption”.   CVE-2014-3566 has been reserved for this protocol vulnerability (no additional information is available yet at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566).
>  
> The attack works by interfering with the establishment of a TLS connection.  A client will quickly downgrade to SSLv3, which uses either the RC4 stream cipher (subject to information leakage) or a block cipher in CBC mode (subject to information leakage via the Poodle attack). 
>  
> As I understand the explanation, the man-in-the-middle decrypts the block ciphers by first padding a block with known values and then chipping away until the secure cookie (or other authentication data) is fully decrypted.
>  
> If disabling SSLv3 is not feasible due to legacy system issues, the paper suggests a few mitigations, such as using TLS_FALLBACK_SCSV to prevent a downgrade in the first place.
>  
> “This use of TLS_FALLBACK_SCSV will ensure that SSL 3.0 is used only when a legacy  implementation is involved: attackers can no longer force a protocol downgrade. (Attacks  remain possible if both parties allow SSL 3.0 but one of them is not updated to support  TLS_FALLBACK_SCSV, provided that the client implements a downgrade dance down to  SSL 3.0.) “
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141014/12ab941d/attachment.html