Aaron Zauner azet at azet.org
Wed Oct 15 01:50:31 CEST 2014


Guess it's good we opted to forbid SSLv3 where possible:


My colleague, Bodo Möller, in collaboration with Thai Duong and
Krzysztof Kotowicz (also Googlers), just posted details about a
padding oracle attack against CBC-mode ciphers in SSLv3. This
attack, called POODLE, is similar to the BEAST attack and also
allows a network attacker to extract the plaintext of targeted parts
of an SSL connection, usually cookie data. Unlike the BEAST attack,
it doesn't require such extensive control of the format of the
plaintext and thus is more practical.


A little further down the line, perhaps in about three months, we
hope to disable SSLv3 completely. The changes that I've just landed
in Chrome only disable fallback to SSLv3 – a server that correctly
negotiates SSLv3 can still use it. Disabling SSLv3 completely will
break even more than just disabling the fallback but SSLv3 is now
completely broken with CBC-mode ciphers and the only other option is
RC4, which is hardly that attractive. Any servers depending on SSLv3
are thus on notice that they need to address that now.


Further information:
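
Added example, not part of the original post or of Chrome's code: a small probe that checks from the defender's side whether a server still negotiates SSLv3 at all, which is the condition the quoted text says puts a server "on notice". It hand-builds an SSLv3 (0x0300) ClientHello offering only CBC suites (the suites POODLE applies to), sends it, and classifies the first record that comes back. The cipher-suite list, the verdict strings and the probe()/classify_response() names are this example's own choices; SSLv3 has no extensions, so there is no SNI and the probe sees whatever the default virtual host answers.

```python
import os
import socket
import struct
import sys

# Constructed cipher-suite list: CBC suites only, i.e. the ones affected by POODLE.
# 0x002F AES128-SHA, 0x0035 AES256-SHA, 0x000A DES-CBC3-SHA (IANA values).
CBC_SUITES = [0x002F, 0x0035, 0x000A]


def build_sslv3_client_hello(random_bytes=None):
    """Return a raw SSLv3 ClientHello record (record version 0x0300, no extensions)."""
    if random_bytes is None:
        random_bytes = os.urandom(32)
    if len(random_bytes) != 32:
        raise ValueError("ClientHello.random must be exactly 32 bytes")
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (
        b"\x03\x00"                                   # client_version = SSLv3
        + random_bytes                                # ClientHello.random
        + b"\x00"                                     # session_id: empty
        + struct.pack("!H", len(suites)) + suites     # cipher_suites
        + b"\x01\x00"                                 # compression_methods: null only
    )
    # Handshake header: type 1 (ClientHello) + 3-byte body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 22 (handshake), version 3.0, 2-byte length.
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Map the first record a server sends back to a verdict string."""
    if len(data) < 5:
        return "rejected:connection-closed"
    ctype, major, minor, _length = struct.unpack("!BBBH", data[:5])
    if ctype == 0x15:                                 # alert record
        desc = data[6] if len(data) >= 7 else None    # alert description byte
        return "rejected:alert(%s)" % desc
    if ctype == 0x16 and len(data) > 5 and data[5] == 0x02:   # ServerHello
        if (major, minor) == (3, 0):
            return "vulnerable:sslv3-accepted"
        return "rejected:negotiated-%d.%d" % (major, minor)
    return "unknown:record-type-%d" % ctype


def probe(host, port=443, timeout=5.0):
    """Send the SSLv3 ClientHello to host:port and classify the first reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except (socket.timeout, ConnectionError):
            data = b""                                # silence or reset counts as rejection
    return classify_response(data)


if __name__ == "__main__":
    # Usage: python probe_sslv3.py host [host ...]
    for target in sys.argv[1:]:
        print(target, probe(target))
```

A server that has SSLv3 disabled answers with a protocol_version alert (description 70) or simply closes the connection; "vulnerable:sslv3-accepted" means the server happily completed an SSLv3 ServerHello with a CBC suite, regardless of any client-side fallback policy. Run it against your own hosts after changing the protocol configuration to confirm the change actually took effect.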
