The recently disclosed protocol flaw in SSLv3, referred to as CVE-2014-3566 or the POODLE attack (Padding Oracle On Downgraded Legacy Encryption), could expose deployments that support SSLv3 to an active man-in-the-middle (MITM) attack. A successful attack could lead to the disclosure of information that is sent over the encrypted channel.
Any website that supports SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. In particular, these servers are subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSLv3. This relies on a behaviour of browsers called insecure fallback, where browsers attempt to negotiate lower versions of TLS or SSL when connections fail.
How could an attacker exploit the vulnerability?
In a man-in-the-middle (MITM) attack, an attacker could downgrade an encrypted TLS session, forcing the client to use SSL 3.0, and then cause the browser to execute malicious code. This code sends several requests to a target HTTPS website, to which cookies are sent automatically if an authenticated session already exists; this is a required condition for exploiting the vulnerability. The attacker could then intercept this HTTPS traffic and, by exploiting a weakness in the CBC block cipher mode in SSL 3.0, decrypt portions of the encrypted traffic (e.g. authentication cookies).
What causes the vulnerability?
The vulnerability is caused by the lack of CBC block cipher padding verification in SSL 3.0.
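The following is an added example, not code from the original page: it contrasts the padding check an SSL 3.0 receiver performs (RFC 6101, section 5.2.3.2: only the trailing length byte is inspected) with the one TLS 1.0 and later perform (RFC 5246, section 6.2.3.2: every padding byte must equal the length). The record layout is simplified and the block size, key and cookie value are constructed; HMAC-SHA1 stands in for the record MAC (an assumption for illustration, since SSL 3.0 uses its own MAC construction). In both versions the MAC covers only the data, so padding bytes that the receiver never checks are completely unauthenticated, which is the defect the text describes and the reason the fix is to turn SSL 3.0 off rather than to patch around it.

```python
import hmac
import hashlib
import os
from typing import Optional

BLOCK_SIZE = 16                      # AES block size (constructed example)
MAC_SIZE = 20                        # SHA-1 MAC length
MAC_KEY = b"constructed-mac-key"     # constructed sample key, not real key material


def pad_record(data_and_mac: bytes, tls_style: bool) -> bytes:
    """Append CBC padding plus the trailing padding-length byte.

    TLS (RFC 5246 6.2.3.2) sets every padding byte to the padding length so the
    receiver can check them.  SSL 3.0 (RFC 6101 5.2.3.2) leaves the padding bytes
    unspecified, so they are filled with random bytes here."""
    pad_len = (-(len(data_and_mac) + 1)) % BLOCK_SIZE
    filler = bytes([pad_len]) * pad_len if tls_style else os.urandom(pad_len)
    return data_and_mac + filler + bytes([pad_len])


def sslv3_strip_padding(plain: bytes) -> Optional[bytes]:
    """SSL 3.0 check: only the length byte is inspected; padding bytes are ignored."""
    if not plain:
        return None
    pad_len = plain[-1]
    if pad_len >= BLOCK_SIZE or pad_len + 1 > len(plain):
        return None
    return plain[:len(plain) - pad_len - 1]


def tls_strip_padding(plain: bytes) -> Optional[bytes]:
    """TLS check: every padding byte must equal the padding length."""
    if not plain:
        return None
    pad_len = plain[-1]
    if pad_len + 1 > len(plain):
        return None
    if any(b != pad_len for b in plain[len(plain) - pad_len - 1:-1]):
        return None
    return plain[:len(plain) - pad_len - 1]


def _mac(data: bytes) -> bytes:
    # Simplified: HMAC-SHA1 stands in for the record MAC (assumption).  Only the
    # application data is authenticated; padding is appended after the MAC.
    return hmac.new(MAC_KEY, data, hashlib.sha1).digest()


def make_record(data: bytes, tls_style: bool) -> bytes:
    """Plaintext of a CBC record before encryption: data || MAC || padding || pad_len."""
    return pad_record(data + _mac(data), tls_style)


def verify_record(plain: bytes, tls_style: bool) -> Optional[bytes]:
    """Decrypted record -> application data, or None if padding or MAC is rejected."""
    body = tls_strip_padding(plain) if tls_style else sslv3_strip_padding(plain)
    if body is None or len(body) < MAC_SIZE:
        return None
    data, mac = body[:-MAC_SIZE], body[-MAC_SIZE:]
    return data if hmac.compare_digest(mac, _mac(data)) else None


def overwrite_padding_bytes(plain: bytes, filler: int = 0xAA) -> bytes:
    """Replace every padding byte except the length byte, to show which bytes each
    protocol version actually verifies."""
    pad_len = plain[-1]
    return plain[:len(plain) - pad_len - 1] + bytes([filler]) * pad_len + plain[-1:]


if __name__ == "__main__":
    cookie = b"session=ab12"   # 12 bytes: data+MAC fill two blocks, padding is a full block
    for tls_style in (False, True):
        label = "TLS" if tls_style else "SSLv3"
        rec = make_record(cookie, tls_style)
        print(label, "intact record:", verify_record(rec, tls_style))
        print(label, "padding bytes altered:",
              verify_record(overwrite_padding_bytes(rec), tls_style))
```

Running the module shows the SSL 3.0 receiver accepting a record whose padding bytes were all replaced, while the TLS receiver rejects it; any change to the data bytes themselves fails the MAC under both versions.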
To check whether a server is affected by POODLE, test whether it still accepts SSLv3 connections.
SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users' private information.
Fixes for Browsers
Internet Explorer
- Go to Settings, Internet Options and click on the Advanced tab.
- Uncheck the "Use SSL 3.0" checkbox.
Chrome (Windows)
- Add the command line flag --ssl-version-min=tls1
- In Windows, right click on the Chrome shortcut, select Properties and add the command line flag there.
Chrome (Mac)
- Quit Chrome before reopening it using the script.
- Launch Chrome using an AppleScript that contains the following:
- do shell script "open -a /Applications/Google\\ Chrome.app --args --ssl-version-min=tls1"
Firefox
- Type about:config into the address bar.
- Type security.tls.version.min into the search box. This brings up the setting that needs to be changed from 0 to 1.
- With this setting, Firefox is forced to use only TLSv1.0 or better, which is not vulnerable to POODLE.
- Then restart the browser to drop any open SSL connections.
- If disabling SSL 3.0 is not possible, TLS client and server implementations should make use of the TLS_FALLBACK_SCSV cipher suite value to prevent man-in-the-middle attackers from forcing unnecessary protocol downgrades.
Fixes for Web Servers
- To disable SSLv3 on the Apache server, configure the following:
- SSLProtocol All -SSLv2 -SSLv3
- This ensures that TLSv1.0, TLSv1.1 and TLSv1.2 are supported and explicitly removes support for SSLv2 and SSLv3. Check the config and then restart Apache:
- apachectl configtest
- sudo service apache2 restart
- To disable SSLv3 support on NGINX, configure the following:
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- Similar to the Apache config above, TLSv1.0 and later are supported and no SSL version is enabled. Check the config and restart:
- sudo nginx -t
- sudo service nginx restart
- To disable SSLv3 support on IIS, modify or create a registry DWORD value under the following key:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
- Inside Protocols, the SSL 2.0 key would already be present, so create SSL 3.0 alongside it if needed. Under that, create a Server key and inside it a DWORD value called Enabled with value 0, then restart the server.
- To disable SSLv3 support on WebLogic, the following settings can be configured:
- Start the WebLogic server with the following JVM option:
Disable support for CBC-based cipher suites when using SSL 3.0 (in either client or server).
You can do this by editing your config.xml.
TOMCAT and JBOSS
To disable SSLv3 support on Tomcat and JBoss, refer to the separate instructions for those servers.
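As an added example, not part of the original page, the following Python probe ties together the check mentioned earlier (does a server still accept SSLv3?) and the TLS_FALLBACK_SCSV mechanism from the browser section, and can be used to verify the server changes above. It sends an SSLv3 ClientHello and classifies the server's first reply: a ServerHello at version 0x0300 means SSLv3 is still enabled, an alert means it was refused. It also implements the server-side rule from RFC 7507 that makes TLS_FALLBACK_SCSV work: a ClientHello that carries the SCSV at a version lower than the server's best must be refused with an inappropriate_fallback alert (description 86). The cipher-suite list, the sample ServerHello and alert records, and the function names are constructed for this example; `probe_sslv3` is the only function that touches the network and is meant for checking servers you administer.

```python
import os
import socket
import struct
from typing import List, Tuple

SSLV3, TLS10, TLS12 = 0x0300, 0x0301, 0x0303
TLS_FALLBACK_SCSV = 0x5600                 # RFC 7507 signalling cipher suite value
ALERT_INAPPROPRIATE_FALLBACK = 86          # RFC 7507 alert description
ALERT_HANDSHAKE_FAILURE = 40
# CBC suites an SSLv3-enabled server would typically accept (IANA values); constructed list
PROBE_SUITES = [0x002F, 0x0035, 0x000A]    # AES128-SHA, AES256-SHA, DES-CBC3-SHA


def build_client_hello(version: int, include_scsv: bool = False) -> bytes:
    """Minimal ClientHello record (no extensions) for the given protocol version."""
    suites = PROBE_SUITES + ([TLS_FALLBACK_SCSV] if include_scsv else [])
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (struct.pack("!H", version) + os.urandom(32)        # client_version, random
            + b"\x00"                                          # empty session id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                                     # compression: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def parse_client_hello(record: bytes) -> Tuple[int, List[int]]:
    """Return (client_version, offered cipher suites) from a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    version = struct.unpack("!H", record[9:11])[0]
    pos = 44 + record[43]                                      # skip the session id
    count = struct.unpack("!H", record[pos:pos + 2])[0]
    suites = [struct.unpack("!H", record[i:i + 2])[0]
              for i in range(pos + 2, pos + 2 + count, 2)]
    return version, suites


def server_fallback_decision(client_version: int, suites: List[int],
                             server_max: int) -> Tuple[str, int]:
    """RFC 7507 server rule: a downgraded ClientHello carrying the SCSV is refused
    with a fatal inappropriate_fallback alert; otherwise negotiate normally."""
    if TLS_FALLBACK_SCSV in suites and client_version < server_max:
        return "alert", ALERT_INAPPROPRIATE_FALLBACK
    return "accept", min(client_version, server_max)


def build_server_hello(version: int, suite: int) -> bytes:
    """Constructed ServerHello used as sample input for classify_response."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def build_alert(version: int, description: int) -> bytes:
    """Constructed fatal alert record used as sample input for classify_response."""
    return b"\x15" + struct.pack("!HH", version, 2) + bytes([2, description])


def classify_response(data: bytes) -> str:
    """Interpret the first record a server returns to the SSLv3 probe."""
    if len(data) < 6:
        return "no-response"                                   # closed or truncated
    content_type = data[0]
    if content_type == 0x16 and len(data) >= 11 and data[5] == 0x02:   # ServerHello
        negotiated = struct.unpack("!H", data[9:11])[0]
        return "sslv3-accepted" if negotiated == SSLV3 else "negotiated-%#06x" % negotiated
    if content_type == 0x15 and len(data) >= 7:                         # Alert
        if data[6] == ALERT_INAPPROPRIATE_FALLBACK:
            return "scsv-enforced"
        return "sslv3-refused"
    return "unknown"


def probe_sslv3(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send one SSLv3 ClientHello to a server you administer and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(SSLV3))
        try:
            reply = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            reply = b""
    return classify_response(reply)
```

After applying the Apache, NGINX or IIS change, `probe_sslv3("your.host")` should return "sslv3-refused" or "no-response" rather than "sslv3-accepted". Sending `build_client_hello(TLS10, include_scsv=True)` to a server whose best version is TLS 1.2 should produce "scsv-enforced" if the server implements RFC 7507, which is what protects clients that still fall back.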