Secure Sockets Layer (SSL) encryption we’ve relied on from so long time, for secure communication on the Internet has a vulnerability. Google engineers (Bodo Möller, Thai Duong and Krzysztof Kotowicz) has discovered this particular vulnerability and points out that SSLv3.0 should not be used.
Before SSLv3.0, SSLv2 was first widely used transport protocol however, later multiple vulnerabilities were discovered in it which made it insecure and thereafter, SSLv3 came into the picture. A successors SSLv3 and TLSv1 are widely supported now a days. TLS1.1[RFC4346] andTLS1.2[RFC5246] are newer. Most of all web browsers have support for it.
The vulnerability, Google called it as "Poodle" vulnerability. It’s an attack on the SSL 3.0 protocol. It's not an implementation issue, it's a protocol flaw. All implementations of SSL v3.0 suffers from it. Here, I am talking about old SSL 3.0 and not TLS 1.0 or later. The TLS or DTLS versions are not affected. CVE-2014-3566 has been reserved for this vulnerability.
SSL protocol, introduced in 1996, supposed to prevent MITM or eavesdropping to secure communication since the information being shared is encrypted. When a client (browser, apps) pings a server and they gets engage in a handshaking process that creates security keys to encrypt and decrypt information being shared. SSL is designed to secure the transport level on the internet. It's not only used for securing web communication (HTTP) but also used for other application protocols.
SSL3.0 (RFC6101) is an insecure protocol. It is nearly 18 years old protocol. Most importantly, nearly all browsers support it. The protocol handshake provides for authenticated version negotiation hence normally the latest protocol version common to the client and the server will be used. While for most practical purposes it has been replaced by its successors TLS1.0 [RFC2246], TLS1.1[RFC4346], and TLS1.2[RFC5246], many TLS implementations remain backwards compatible with SSLv3.0 to interoperate with legacy systems in the interest of a smooth user experience.
Vulnerability allows attacker to initiate a downgrade dance that tells the client that server doesn't support TLS protocol and forces it to connect via SSL3.0. From there, secure HTTP cookies can be decrypted by a MITM attack. Google calls this the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. In simple words, your information is no longer encrypted/secure. Hence, I recommend you to disable SSL v3.0 on servers as well as on clients. In order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.
According to Bodo Möller, written on his blog, "Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore, I recommend you to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks."
If your browser supports SSLv3.0, disable it or better use tools that support TLS_FALLBACK_SCSV (Transport Layer Security Signaling Cipher Suite Value) which prevents downgrade attacks. In next few weeks, Google will remove SSLv3.0 support completely from all their products. Currently, they have started testing it, they are reviewing chrome changes that disable using SSL3.0 fallback. In fact, Chromium patch is already available which disables SSL 3.0 fallback.
Mozilla are planning to turn off SSL 3.0 in Firefox. Mozilla post says “On Nov, 25th's release, SSLv3 will be disabled by default in Firefox 34.
Only servers are affected or clients too ?
As a server admin you should disable SSLv3 now for the security of your users.
As a user, you should disable SSLv3 in your browser now to secure yourself when visiting websites which still support SSLv3.
How do I know that I am affected and How do I patch it?
The attack scenario requires the attacker to be able to inject data of his own, and to intercept the encrypted bytes. The only plausible context where such a thing happens is a Web browser, as explained above. In that case, Poodle is, like BEAST and CRIME, an attack on the client, not on the server.
All Web browsers users are affected. But that also depends on the server. The protocol version used is a negotiation between client and server, SSL 3.0 will happen only if the server agrees. Thus, you might consider that your server is "vulnerable" if it allows SSL 3.0 to be used (this is technically incorrect, since the attack is client-side in a Web context, but I expect SSL-security-meters to work that way).
Conditions for the vulnerability to occur: SSL 3.0 supported, and selection of a CBC-based cipher suite (RC4 encryption has no padding, thus is not vulnerable to that specific attack -- but RC4 has other issues, of course).
Below are some workarounds /remediations:
1. Disable SSL 3.0 support in the server.
2. Disable SSL 3.0 support in the client.
3. Disable support for CBC-based cipher suites when using SSL 3.0 (in either client or server).
4. Implement that new SSL/TLS extension to detect when some active attacker is breaking connections to force your client and server to use SSL 3.0, even though both know TLS 1.0 or better. Both client and server must implement it.
You can't really patch it (unless you're changing the design of the old SSLv3.0). This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. The exploit could be used to intercept critical data that’s supposed to be encrypted between clients and servers.
Firefox browser
Open up about:config, search for security.tls.version.min and set the value from 0 to 1. Then restart your Mozilla Firefox browser. Restart is only require to drop any open SSL connections.
Apache HTTPD Server:
If you own Apache server, just include the following line in your configuration among other SSL directives:
SSLProtocol All -SSLv2 -SSLv3
And restart Apache service
If your site is publicly available, test it using Qualys' SSL Labs tool.
Nginx server:
If you're running Nginx, just include the following line in your configuration among other SSL directives:
ssl_protocols: TLSv1 TLSv1.1 TLSv1.2;
And restart Nginx service.
Sources: Google
0 comments:
Post a Comment