SSL v3.0 POODLE Vulnerability

A new SSL bug was announced today – CVE-2014-3566 (SSL v3.0 POODLE vulnerability).

This vulnerability affects servers that still support SSL 3.0. It centers on the cipher block chaining (CBC) encryption implementation and allows an attacker in a Man-in-the-Middle (MITM) position to derive the contents of a secure payload, based on the responses to requests sent from a compromised browser to a legitimate server.

One way to remedy this issue is to disable SSL 3.0 support, or at least the SSL 3.0 CBC-mode ciphers, on your servers. This presents significant compatibility problems with older browsers (specifically Windows XP users who browse with Internet Explorer 6). Instructions on how to disable it on NGINX can be found here.
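An added example of the NGINX change described above (not from the original post): the weak `ssl_protocols` setting that still offers SSLv3, beside the corrected form that drops it. The server name and certificate paths are placeholders.

```nginx
# Vulnerable configuration (illustrative): SSLv3 is still offered, so a
# MITM that forces a fallback can exploit the POODLE CBC weakness.
server {
    listen 443 ssl;
    server_name example.com;                           # placeholder hostname
    ssl_certificate     /etc/nginx/ssl/example.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.key;    # placeholder path

    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;         # SSLv3 is the problem
}

# Corrected configuration: SSLv3 removed from the protocol list. Clients that
# can only speak SSLv3 (e.g. IE6 on Windows XP) will no longer connect.
server {
    listen 443 ssl;
    server_name example.com;                           # placeholder hostname
    ssl_certificate     /etc/nginx/ssl/example.crt;    # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.key;    # placeholder path

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;               # no SSLv3
    ssl_prefer_server_ciphers on;                      # server picks the cipher
}
```

After editing, run `nginx -t` and reload. To confirm the change from a client, `openssl s_client -connect example.com:443 -ssl3` should now fail the handshake (this check only works if your local OpenSSL was built with SSLv3 support; otherwise the option is rejected and tells you nothing about the server).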

The other option (recommended by Google among others) is to make use of TLS_FALLBACK_SCSV. This mechanism addresses the problem created by browsers retrying a failed handshake with an older protocol version, and so prevents attackers from inducing a browser to fall back to SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0, and so may help defend against future attacks of the same kind.

Unfortunately, TLS_FALLBACK_SCSV is currently only a draft extension to SSL/TLS; it has not yet been accepted into OpenSSL or made its way into major browsers other than Chrome.

You can use GeoTrust’s SSL Tool Box to check whether SSL 3.0 is enabled on a web server.