POODLE: The cute, fluffy SSL vulnerability
SSL (or more accurately, its successor, TLS) is the technology used to keep your sensitive information, such as credit card details, secure. When you see the green padlock in your address bar, you know that your connection is safe from eavesdroppers. Or is it? Google have published details of a vulnerability in SSLv3. The vulnerability shouldn’t be an issue because SSLv3 has been almost completely replaced by TLS, but some implementations of TLS allow a “secure” connection to be downgraded to SSLv3.
When a computer connects to a secure service, such as an HTTPS website, the two sides will negotiate the version of the protocol to be used (a “handshake”). A server will initially offer a handshake using the strongest security it and the client are capable of. If the client does not respond correctly – for example because the client was incorrectly detected (and therefore is incapable of using that level of security), or because of a network glitch, the server will offer progressively weaker handshakes, until SSLv3 is used. This means that an active attacker could tamper with the SSL handshake using a man in the middle attack until it degrades to SSLv3.
At this time1, the best way to avoid this vulnerability is to disable support for SSLv3, both client-side and server-side. Systems administrators should disable SSLv3 by updating their server configuration, although note that in doing so you will prevent access from some very old platforms, most notably IE6 on Windows XP, which don’t support TLS. End users should update their web browsers, as vendors are releasing new versions which disable SSLv3. If you’re still using IE6 on Windows XP and didn’t already have enough good reasons to upgrade, then this is another very good one.
Managed customers will have received an email from us, offering to make the necessary configuration changes to disable SSLv3. We would normally immediately apply a security patch, but as this breaks Windows XP / Internet Explorer 6 support we’ll wait for confirmation before applying it.
If you’re not a managed customer, add the following line to your Apache configuration file:
SSLProtocol All -SSLv2 -SSLv3
If you’re using Nginx, add:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
While dealing with SSLv3, it’s a good idea to run an SSL test using Qualys SSL Labs – this will check things like lack of SSL2 support (vulnerable since 1995), using SHA256, TLS 1.2 support, and support for perfect forward secrecy, among other things.
If this all sounds too complicated, it may be worth considering our management service. We’ll apply security patches for you, as well as monitoring your application and intervening if necessary, providing graphing and backups, and checking the health of your hard disks.
1 – TLS_FALLBACK_SCSV is an alternative fix, however at the moment server support is poor. However, a strong advantage of enabling it is that “fallback” attacks will be prevented in the future – allowing clients to use weaker security is rarely a good idea.