Although it has long been obsolete, the cryptographic protocol SSL (Secure Sockets Layer) 3.0 is still widely used, and Google’s Security Team has just revealed that it has a gaping security flaw. According to Bodo Möller, “This vulnerability allows the plaintext of secure connections to be calculated by a network attacker.”
Despite the fact that SSL 3.0 has been replaced by TLS (Transport Layer Security) 1.0, TLS 1.1 and TLS 1.2, there are still a lot of TLS implementations that are backwards compatible with SSL 3.0, allowing them to work with legacy systems to provide a smoother user experience.
In most cases, the security protocol handshake allows for authenticated version negotiation. This means that the latest protocol version that is common to both the client and the server will be used. The problem, which allows all the chaos to ensue, is “if a client and server both support a version of TLS, the security level offered by SSL 3.0 is still relevant since many clients implement a protocol downgrade dance to work around server-side interoperability bugs.”
An example attack known as POODLE (Padding Oracle On Downgraded Legacy Encryption) shows how an attacker can steal “secure” HTTP cookies or other bearer tokens, like HTTP Authorization header contents. The root of the security hole is that the SSL 3.0 RC4 encryption is broken. The RC4 cipher dates back to 1987, so it isn’t as reliable as it used to be. There are a lot of ways to break into it, though that hasn’t stopped it and SSL 3.0 from being used. In fact, as late as 2013, Microsoft stated that over 40% of web connections were still using RC4.
POODLE has shown us that there is a way to exploit this vulnerability on today’s internet. Möller explains that it works by using a well-known man-in-the-middle attack style, BEAST. POODLE requires an SSL 3.0 connection to be established. If you disable SSL 3.0 in either the client program (usually a web browser) or the server, you can avoid the attack altogether. However, if SSL 3.0 is the only encryption protocol they have in common, then Möller states, “all hope is gone, and a serious update is required to avoid insecure encryption.”
Scary words indeed. So what can we do about it? Well, first off we need to disable SSL 3.0 support or, at the very least, turn off CBC (Cipher Block Chaining). The problem is that even now that can bring up some serious compatibility problems with older web browsers and web servers. Google suggests support of TLS_FALLBACK_SCSV on your web or SSH servers as this prevents the server from allowing failed connections to retry. As a result, this prevents browsers from defaulting to SSL 3 when they’re unable to connect with an up-to-date protocol.
Möller went on to say, “Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly. In the coming months, we hope to remove support for SSL 3.0 completely from our client products.”
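The server-side check that TLS_FALLBACK_SCSV makes possible, as an added example (not code from Google or from the original article). It assumes the signalling value 0x5600 and the inappropriate_fallback alert (86) defined in RFC 7507; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value (RFC 7507)
ALERT_INAPPROPRIATE_FALLBACK = 86   # fatal alert defined by RFC 7507
ALERT_PROTOCOL_VERSION = 70         # fatal alert for an unsupported version
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)


def parse_client_hello(body: bytes):
    """Return (client_version, cipher_suites) from a ClientHello body,
    i.e. the handshake payload after the 4-byte handshake header."""
    if len(body) < 35:
        raise ValueError("ClientHello too short")
    version = (body[0], body[1])
    pos = 2 + 32                         # skip client_version and random
    pos += 1 + body[pos]                 # skip session_id (1-byte length)
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos))
    return version, suites


def server_decision(body: bytes, server_max=TLS12, server_min=TLS10):
    """Apply the fallback check before normal version negotiation.
    Returns ("accept", version) or ("alert", alert_code)."""
    version, suites = parse_client_hello(body)
    # The client says it is retrying at a lower version, yet the server
    # could have spoken a higher one: the downgrade was not necessary.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    if version < server_min:             # e.g. SSL 3.0 disabled outright
        return ("alert", ALERT_PROTOCOL_VERSION)
    return ("accept", min(version, server_max))


def build_hello(version, suites):
    """Build a minimal ClientHello body (constructed sample input)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    return (bytes(version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")


if __name__ == "__main__":
    retry = build_hello(SSL3, [0x002F, 0x0035, TLS_FALLBACK_SCSV])
    print(server_decision(retry, server_min=SSL3))   # rejected with alert 86
```

A server that still accepts SSL 3.0 (`server_min=SSL3`) refuses the retried hello only because the client included the signalling value; without it, the same hello is accepted at SSL 3.0, which is why disabling SSL 3.0 remains the stronger fix.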
It seems that the only web browser to support SSL 3.0 is Internet Explorer 6. There are others that still support SSL 3.0 as an option but they aren’t in widespread use. However, if you were to use your web browser on a predatory website that has a POODLE-style attack, then you could still be vulnerable to using SSL 3.0, leaving you open to attack.
If you use Firefox, open about:config, search for “security.enable” and set “security.enable_ssl3” to false. If you’re using Internet Explorer, you need to go to the Tools menu, click Internet Options, and go to the Advanced tab. From here, look for the Security heading and make sure that the SSL 3.0 check box is unchecked. Web server hosts will need to check with their upstream code provider in the case of open-source programs like Apache and Nginx, or check with their vendor in the case of Microsoft’s IIS (Internet Information Server), for how to turn off SSL 3.0 support.
If you want an analysis of the configuration of any SSL web server on the entire public internet then you can head over to Qualys SSL Labs, a free online service that allows you to enter the URL of a website and have it checked.