Google revealed the details of a critical vulnerability in the design of the Secure Sockets Layer (SSL) encryption, version 3.0, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), earlier this week.
Using this kink in the armour, a network attacker can calculate the plaintext of secure connections, writes Bodo Möller of the Google Security Team, in a blog post. He discovered this issue in fellow Googlers Thai Duong and Krzysztof Kotowicz.
In case of a bug in HTTPS servers, browsers retry failed connections with older protocol versions, including SSL 3.0. A network attacker can force the use of SSL 3.0, by causing connection failures. Considering SSL 3.0’s widespread usage through most browsers, this poses a serious security issue.
More than disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, which might cause compatibility issues with to pop up Google recommends supporting TLS_FALLBACK_SCSV, a mechanism that it claims, “solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.”
“Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly,” writes Möller.
“[Poodle] is an industry-wide vulnerability that affects the protocol itself, and is not specific to Microsoft’s implementation of SSL or the Windows operating system,” wrote Tracey Pretorius, director of Response Communications, Microsoft, in context to the threat advisory issued earlier informing that SSL 3.0 will drive old sites offline.
Google will remove support for SSL 3.0 from its client products, in the next few months.
Read more here
(Image Credit: Danny Sullivan)