Google announced that it has discovered a vulnerability (referred to as POODLE) in SSL version 3.0, the details of which can be found here. Bodo Möller of the Google Security Team found the issue along with fellow Googlers Thai Duong and Krzysztof Kotowicz. Makers of web browsers, including Google, are working on a fix.
Möller writes:
SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.
Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.
Möller also notes that Chrome has supported TLS_FALLBACK_SCSV since February, and says it has “good evidence” that it can be used without compatibility issues. Chrome will also begin testing changes that disable the fallback to SSL 3.0. Some sites will break because of this, Google notes, adding that such sites will need to be updated quickly.
Google hopes to have support for SSL 3.0 removed from its client products within the coming months.
Mozillla says it has a plan for Firefox as well. SSL 3.0 will be disabled by default in Firefox 34, which will be released on November 25th. It’s releasing the code to disable it in Nightly immediately, and that will be promoted to Aurora and Beta in the coming weeks.
Additionally Firefox 35 will support SCSV, which is described as a generic TLS downgrade protection mechanism. Mozilla says:
For Firefox users, the simplest way to stay safe is to ensure that Firefox is configured to automatically update. Look under Preferences / Advanced / Update and make sure that “Automatically install updates” is checked.
For users who don’t want to wait till November 25th (when SSLv3 is disabled by default in Firefox 34), we have created the SSL Version Control Firefox extension to disable SSLv3 immediately.
Microsoft had this to say:
Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0. This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability. Microsoft is not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
The company has further guidance, an FAQ, and a list of affected products available here.
By the way, POODLE stands for “Padding Oracle On Downgraded Legacy Encryption”. This article at ImperialViolet.org has more technical information explaining it.
Image via Wikimedia Commons
