Another week, and another critical vulnerability has hit the Internet. The interesting bit about this one was that everyone sort of knew that a critical vulnerability involving SSL version 3 (SSLv3) would be announced before the day it was actually announced. So there was a lot of speculation about what the critical vulnerability was, who knew about it, and whether it would be as bad as the notorious OpenSSL Heartbleed. The overwhelming concern was definitely understandable. SSL, or TLS for that matter, lives in millions of web servers and perhaps billions of web clients. In addition, with the availability of the free scanning service from SSL Labs, it is quite trivial for someone to check whether you still support the vulnerable protocol.
So when it was finally disclosed there was no fancy name or logo, just POODLE. Jokes aside, it is still a very critical vulnerability, but perhaps not "as bad as" OpenSSL Heartbleed if you insist on making a comparison. The problem is specific to the SSLv3 protocol itself. I find the blog post by Erratasec quite effective at putting the impact of this vulnerability in the right perspective and context. For a more technical explanation of the attack, please head to the ImperialViolet or Daniel Franke blog posts.
For me, the letter D in POODLE is perhaps the most interesting part of this attack. An attacker is able to exploit the backward compatibility feature of TLS (aka performing the Downgrade Dance) and force the client and server to use SSLv3. This gives some interesting food for thought, especially when you are doing a risk assessment before deploying a new technology, platform or protocol in your environment. As demonstrated here, being able to force a fallback to something that is not secure means game over!
Getting Rid of SSLv3
Unlike Shellshock, where the way forward is to upgrade the software, there is no patch for the POODLE attack. Instead, the only mitigation you have is to avoid using SSL version 3 entirely (OK, you can also consider TLS_FALLBACK_SCSV as the very last resort). I think this is a positive take-away of this particular disclosure. Hopefully enough people were paying attention and can now make sure that servers and clients are using the latest and more secure protocols. For a start, it is good to see that Mozilla is disabling SSLv3 in Firefox 34.
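To make the downgrade dance and the two mitigations above concrete, here is a small server-side model in Python. It is an added example, not code from this blog post or from any of the projects mentioned: the ClientHello records are constructed by hand, the server (with its maximum version and its SSLv3 switch) is hypothetical, and the only real identifiers used are the TLS_FALLBACK_SCSV value 0x5600 from RFC 7507, the cipher suite id 0x002F (TLS_RSA_WITH_AES_128_CBC_SHA) and the standard alert names. The model parses the version and cipher-suite list out of a ClientHello, refuses SSLv3 outright (the primary mitigation) and, for servers that still cannot drop SSLv3, applies the TLS_FALLBACK_SCSV rule so that a client that was pushed into a fallback is told to abort with inappropriate_fallback.

```python
"""Server-side model of SSLv3 refusal and TLS_FALLBACK_SCSV (RFC 7507).

Added illustration, not code from the APNIC blog post. The server, its
settings and the ClientHello bytes are constructed for this example.
"""
import struct

# Protocol versions as carried in ClientHello.client_version (major, minor).
SSL_3_0 = (3, 0)
TLS_1_0 = (3, 1)
TLS_1_1 = (3, 2)
TLS_1_2 = (3, 3)

TLS_FALLBACK_SCSV = 0x5600      # signalling cipher suite value, RFC 7507
AES128_SHA = 0x002F             # TLS_RSA_WITH_AES_128_CBC_SHA, a real suite id
SERVER_MAX_VERSION = TLS_1_2    # highest version our hypothetical server speaks


def parse_client_hello(data: bytes):
    """Decode client_version and the cipher-suite list from a handshake
    record holding a ClientHello. Only those two fields are decoded."""
    content_type, _maj, _min, rec_len = struct.unpack("!BBBH", data[:5])
    if content_type != 22:                       # 22 = handshake
        raise ValueError("not a handshake record")
    body = data[5:5 + rec_len]
    if body[0] != 1:                             # 1 = client_hello
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    client_version = (hello[0], hello[1])
    pos = 2 + 32                                 # skip client_random
    pos += 1 + hello[pos]                        # skip session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0]
              for i in range(pos, pos + cs_len, 2)]
    return client_version, suites


def evaluate_client_hello(client_version, suites,
                          server_max=SERVER_MAX_VERSION, allow_sslv3=False):
    """Decide how the server answers: ("accept", version) or ("alert", name)."""
    # Primary mitigation: SSLv3 (and anything older) is simply not offered.
    if client_version <= SSL_3_0 and not allow_sslv3:
        return ("alert", "protocol_version")
    # Last resort (RFC 7507 section 3): a retry that carries the SCSV but
    # asks for less than the server's best version is a downgrade; abort.
    if TLS_FALLBACK_SCSV in suites and client_version < server_max:
        return ("alert", "inappropriate_fallback")
    return ("accept", min(client_version, server_max))


def build_client_hello(version, suites):
    """Construct a minimal ClientHello record (constructed test input)."""
    hello = bytes(version) + b"\x00" * 32 + b"\x00"   # version, random, no session id
    hello += struct.pack("!H", 2 * len(suites))
    hello += b"".join(struct.pack("!H", s) for s in suites)
    hello += b"\x01\x00"                               # one compression method: null
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", 22, *version, len(body)) + body


def run_fallback_sequence(versions, server_max=SERVER_MAX_VERSION,
                          allow_sslv3=False):
    """Model the browser 'downgrade dance' as if an on-path interruption kept
    forcing retries: the first attempt is the client's best version and every
    retry carries TLS_FALLBACK_SCSV. Returns the server's decision per attempt."""
    decisions = []
    for attempt, version in enumerate(versions):
        suites = [AES128_SHA] + ([TLS_FALLBACK_SCSV] if attempt > 0 else [])
        record = build_client_hello(version, suites)
        decisions.append(evaluate_client_hello(*parse_client_hello(record),
                                               server_max, allow_sslv3))
    return decisions


if __name__ == "__main__":
    for d in run_fallback_sequence([TLS_1_2, TLS_1_1, TLS_1_0, SSL_3_0]):
        print(d)
```

With SSLv3 disabled, the final step of the dance ends in a protocol_version alert regardless of what the client sends; with SSLv3 left enabled but the SCSV honoured, the SSLv3 retry is refused with inappropriate_fallback. The vulnerable case is a server that allows SSLv3 and a client that does not send the SCSV: the same SSLv3 ClientHello is then accepted, which is exactly why disabling SSLv3 is the mitigation to reach for first.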
Better Crypto, Anyone?
Now, before you get distracted by another super bug or 0-day attack, it is probably a good time to consider some of the best-practice documents on how to set things up correctly.
The first one is the Applied Crypto Hardening document from the BetterCrypto project. It is a very straightforward guideline on how to configure crypto for services such as web, VPN, SSH, databases, PGP and so on. Although still a draft, I find it really useful because you can just cut and paste the configuration. It seems that it will probably get an update because of the POODLE attack and, most importantly, you can also contribute content to the document.
The second one is written by Ivan Ristic from Qualys SSL Labs. His guide on SSL/TLS Deployment Best Practices gives a very good overview of the important things to consider when deploying SSL/TLS. If you need to learn more, then perhaps you can consider checking out Ivan's book Bulletproof SSL and TLS.
APNIC has also updated all of our sites and disabled SSL version 3 on all of them.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.