With details of the new POODLE attack on SSLv3 now public, browser vendors are in the process of planning how they’re going to address the issue in their products in a way that doesn’t break the Internet for millions of users but still provides protection.
The attack, which was disclosed by a trio of Google security researchers on Tuesday, allows an attacker on the same network as a victim to decrypt sensitive data that’s protected by SSLv3 encryption. It can be executed in the background and takes advantage of the fact that when a client tries to establish a secure connection to a server and fails, the server will attempt to make the connection using a different protocol, a process known as falling back. An attacker can force an unsuccessful connection and make the server use SSLv3, and then execute the attack.
Officials at Mozilla said that although Firefox only uses SSLv3 for about 0.3 percent of transactions globally, the POODLE attack still represents a significant threat to users. The company is planning to remove the vulnerable protocol from Firefox by the end of next month.
“SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25. The code to disable it is landing today in Nightly, and will be promoted to Aurora and Beta in the next few weeks. This timing is intended to allow website operators some time to upgrade any servers that still rely on SSLv3,” Richard Barnes of Mozilla said in a blog post.
“As an additional precaution, Firefox 35 will support a generic TLS downgrade protection mechanism known as SCSV. If this is supported by the server, it prevents attacks that rely on insecure fallback.”
Google security officials said that Chrome has supported the SCSV mechanism since February, but warned that disabling SSLv3 will cause problems for site owners who still support the protocol.
“Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks,” said Bodo Möller, one of the Google researchers who developed the attack.
“Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly.”
Microsoft issued an advisory about the POODLE attack on Tuesday but didn’t announce any specific plans for disabling the protocol in Windows or Internet Explorer. IE 6, an ancient version of the company’s browser, is the only major browser that doesn’t support anything newer than SSLv3.
“This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability. Microsoft is not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers,” Microsoft’s advisory says.
