POODLE SSL Vulnerability – The End of Life for SSL 3.0


Overview

The recently disclosed protocol flaw in SSLv3, referred to as CVE-2014-3566 or POODLE attack (which stands for Padding Oracle On Downgraded Legacy Encryption), could expose some deployments that support SSLv3 to a risk of an active Man in the Middle (MITM) attack. A successful attack could lead to the disclosure of the information that is being sent over the encrypted channel.

Any website that supports SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. In particular, these servers are subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSLv3. This relies on a behaviour of browsers called insecure fallback, where browsers attempt to negotiate lower versions of TLS or SSL when connections fail.

How could an attacker exploit the vulnerability?
In a man-in-the-middle (MiTM) attack, an attacker could downgrade an encrypted TLS session forcing clients to use SSL 3.0 and then force the browser to execute malicious code. This code sends several requests to a target HTTPS website, where cookies are sent automatically if a previous authenticated session exists. This is a required condition in order to exploit this vulnerability. The attacker could then intercept this HTTPS traffic, and by exploiting a weakness in the CBC block cipher in SSL 3.0, could decrypt portions of the encrypted traffic (e.g. authentication cookies).

Like the BEAST attack, exploiting this vulnerability requires the attacker both to run JavaScript in the victim's browser and to Man-in-the-Middle the connection between the client and the server.

What causes the vulnerability?
The vulnerability is caused by the lack of CBC block cipher padding verification in SSL 3.0: the receiver checks only the final padding-length byte and never inspects the contents of the padding bytes themselves.
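To make that root cause concrete, here is an added example (not from the original post) contrasting the SSL 3.0 and TLS 1.0 padding rules in Python. The MAC size and the record contents are constructed; after padding is stripped a real implementation would still verify the MAC.

```python
MAC_SIZE = 20  # size of the SHA-1 MAC in the CBC suites under discussion (assumed)


def sslv3_padding_valid(decrypted: bytes, block_size: int) -> bool:
    """SSL 3.0 rule: only the final byte (the padding length) is checked.

    It must be shorter than one block and leave room for the MAC; the
    padding bytes in front of it are never inspected.
    """
    if not decrypted:
        return False
    pad_len = decrypted[-1]
    return pad_len < block_size and pad_len + 1 + MAC_SIZE <= len(decrypted)


def tls_padding_valid(decrypted: bytes) -> bool:
    """TLS 1.0+ rule: every padding byte must equal the padding-length byte."""
    if not decrypted:
        return False
    pad_len = decrypted[-1]
    if pad_len + 1 + MAC_SIZE > len(decrypted):
        return False
    return all(b == pad_len for b in decrypted[-(pad_len + 1):])


def strip_padding(decrypted: bytes) -> bytes:
    """Drop the padding and its length byte; the MAC check happens on the rest."""
    return decrypted[: len(decrypted) - decrypted[-1] - 1]


# Constructed 32-byte record plaintext: 5 bytes of data, a 20-byte MAC, 7 bytes of padding.
DATA, MAC = b"GET /", b"M" * MAC_SIZE
WELL_FORMED = DATA + MAC + b"\x06" * 7                              # six pad bytes + length 0x06
GARBLED_PAD = DATA + MAC + b"\x00\x11\x22\x33\x44\x55" + b"\x06"    # same length byte, junk padding


def compare(record: bytes, block_size: int = 16) -> dict:
    """Report whether each protocol's receiver would accept the record's padding."""
    return {"sslv3": sslv3_padding_valid(record, block_size),
            "tls": tls_padding_valid(record)}


if __name__ == "__main__":
    print("well-formed:", compare(WELL_FORMED))   # both accept
    print("garbled pad:", compare(GARBLED_PAD))   # SSL 3.0 accepts, TLS rejects
```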

To check whether a server is still vulnerable to POODLE, test whether it accepts an SSLv3 handshake at all.
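As an added example (not from the original post), the following Python script performs that test directly: it sends a bare SSLv3-only ClientHello and classifies the first record the server returns. The host name is a placeholder to replace with a server you operate; the cipher suite list is a constructed sample.

```python
import os
import socket
import struct

SSL3_VERSION = b"\x03\x00"
# A few suites an SSLv3-capable server would recognise (constructed sample list).
CIPHER_SUITES = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"


def build_sslv3_client_hello() -> bytes:
    """Build a minimal SSLv3 ClientHello record: version 3.0 only, no extensions."""
    body = (
        SSL3_VERSION
        + os.urandom(32)                                   # client random
        + b"\x00"                                          # empty session id
        + struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES
        + b"\x01\x00"                                      # one compression method: null
    )
    # Handshake header: type 1 (ClientHello) + 24-bit body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 22 (handshake), version 3.0, 16-bit length.
    return b"\x16" + SSL3_VERSION + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Interpret the first record a server returns for an SSLv3-only ClientHello."""
    if len(data) < 5:
        return "no-response"
    content_type, version = data[0], data[1:3]
    if content_type == 0x16 and len(data) > 5 and data[5] == 0x02:
        # ServerHello at version 3.0 means SSLv3 was negotiated, i.e. POODLE-exposed.
        return "sslv3-accepted" if version == SSL3_VERSION else "unexpected"
    if content_type == 0x15:
        return "sslv3-rejected"     # Alert such as protocol_version or handshake_failure
    return "unexpected"


def check_sslv3(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to host:port, offer SSLv3 only, and report how the server answers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            return classify_response(sock.recv(4096))
        except (socket.timeout, ConnectionResetError):
            return "no-response"     # hardened servers often just drop the connection


if __name__ == "__main__":
    print(check_sslv3("example.invalid"))  # placeholder host: replace with your own server
```

A result of "sslv3-accepted" means the server still needs one of the fixes below; "sslv3-rejected" or "no-response" means SSLv3 is already off.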

SOLUTIONS
SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users' private information.

Fixes for Browsers

Internet Explorer:

  • Go to Settings, Internet Options and click on the Advanced tab.
  • Uncheck the Use SSL 3.0 checkbox.

Google Chrome:

  • Add the command line flag --ssl-version-min=tls1
  • In Windows, right click on the Chrome shortcut, hit Properties and add the command line flag.
  • Disabling SSLv3 in Chrome (Mac): first quit Chrome, then relaunch it using an AppleScript that contains the following:
  • do shell script "open -a /Applications/Google\\ Chrome.app --args --ssl-version-min=tls1"

Mozilla Firefox:

  • Type about:config into the address bar.
  • Type security.tls.version.min into the search box. This brings up the setting that needs to be changed from 0 to 1.
  • With this setting Firefox will only use TLSv1.0 or better, which is not vulnerable to POODLE.
  • Then restart the browser to drop any open SSL connections.
  • If disabling SSL 3.0 is not possible, TLS client and server implementations should make use of the TLS_FALLBACK_SCSV cipher suite value to prevent man-in-the-middle attackers from forcing unnecessary protocol downgrades.

Fixes for Web Servers

APACHE

  • To disable SSLv3 on the Apache server, the following can be configured:
  • SSLProtocol All -SSLv2 -SSLv3
  • This will ensure that TLSv1.0, TLSv1.1 and TLSv1.2 are supported and explicitly remove support for SSLv2 and SSLv3. Check the config and then restart Apache:
  • apachectl configtest
  • sudo service apache2 restart

NGINX

  • To disable SSLv3 support on NGINX, the following settings can be configured:
  • ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  • Similar to the Apache config above, TLSv1.0+ would be supported and no SSL version would be enabled. Check the config and restart:
  • sudo nginx -t
  • sudo service nginx restart

IIS

  • To disable SSLv3 support on IIS, the following settings can be configured:
  • Modify or create a registry DWORD value under:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  • Inside Protocols, the SSL 2.0 key is usually already present, so create an SSL 3.0 key alongside it if needed. Under that create a Server key, and inside it a DWORD value called Enabled with value 0. Then restart the server.

WEBLOGIC

  • To disable SSLv3 support on Weblogic, the following settings can be configured
  • Start WebLogic server with the following JVM option
  • -Dweblogic.security.SSL.protocolVersion=TLS1

Disable support for CBC-based cipher suites when using SSL 3.0 (in either client or server).

You can do this by editing your config.xml:
<ssl>
<enabled>true</enabled>
<ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
<hostname-verification-ignored>true</hostname-verification-ignored>
<listen-port>7002</listen-port>
<server-private-key-alias>xxxxxxx</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>xxxxxx</server-private-key-pass-phrase-encrypted>
</ssl>

TOMCAT and JBOSS

To disable SSLv3 support on Tomcat and JBoss, see the vendor's instructions.
