With the release of the BEAST SSL attack research due tomorrow, researchers are beginning to take note of potential fixes and mitigations for the attack. One of the possibilities is moving to newer versions of TLS that are not vulnerable to the attack, but the problem is that there is precious little adoption of those newer versions.
Some of the browser vendors have been looking at possible remedies for the attack on TLS developed by Juliano Rizzo and Thai Duong, and Opera was the first to develop a fix for it. The company initially implemented the fix in its browser, but then discovered that it broke a small percentage of sites and did not push the fix into the final version of Opera. The default configuration of Opera isn’t vulnerable to the new attack, but if users change some settings, the browser can become susceptible to the attack.
Rizzo and Duong’s attack, which Rizzo will present at the Ekoparty conference on Friday, is aimed at TLS 1.0, which is an older version of the protocol, and the newer versions are not vulnerable. However, as Opera’s own research found, the adoption of TLS 1.1 and 1.2 among Web sites is far too low to just make the switch in the browser. Opera found that just 0.25 percent of sites supports TLS 1.1 and 0.02 percent support version 1.2. TLS 1.0 is quite an old standard, and even versions 1.1 and 1.2 have been approved for several years now, but many of the more recent versions of the major browsers don’t support the newer releases of TLS, which presents a problem for site operators who would like to upgrade. If their users can’t handle TLS 1.1 or 1.2, upgrading could cost them customers.
For example, the latest version of Mozilla Firefox has the boxes for SSL 3.0 and TLS 1.0 checked by default and there is no option for users to enable support for newer versions of TLS. Internet Explorer 9 gives users the ability to enable support for TLS 1.1 and 1.2 in Internet Options under the Advanced tab. But, unless the site on the other end of the connection is using a newer version of the protocol as well, that doesn’t do the user much good.
Opera isn’t the only vendor who is working on a fix. Google also has been preparing a patch for its Chrome browser and the company has pushed that fix to its development channel already, officials say. The company is hoping to have the fix go through the typical process of moving to the beta channel and then the stable channel without having to push it out as an emergency fix.
A new report by security researcher Thierry Zoller that looked at browser support for various versions of the TLS protocol found that support for anything newer than TLS 1.0 is quite spotty. Also in the report, Zoller recommends that sites that use SSL drop support for SSL 2.0 and 3.0 and only support TLS 1.0 and later.