[Ach] POODLE

L. Aaron Kaplan aaron at lo-res.org
Wed Oct 15 08:39:24 CEST 2014



---
Mobile


> On 15.10.2014, at 01:50, Aaron Zauner <azet at azet.org> wrote:
> 
> Hi,
> 
> Guess it's good we opted to forbid SSLv3 where possible:
> 
> https://www.imperialviolet.org/2014/10/14/poodle.html
> 

ACK! 
We should also reference their paper and explain why we disabled it. 

BTW: for that we'll need the cipherstringB macro again - to replace the cipherstring in the document in a consistent way. 

> Quote:
> ```
> My colleague, Bodo Möller, in collaboration with Thai Duong and
> Krzysztof Kotowicz (also Googlers), just posted details about a
> padding oracle attack against CBC-mode ciphers in SSLv3. This
> attack, called POODLE, is similar to the BEAST attack and also
> allows a network attacker to extract the plaintext of targeted parts
> of an SSL connection, usually cookie data. Unlike the BEAST attack,
> it doesn't require such extensive control of the format of the
> plaintext and thus is more practical.
> 
> [...]
> 
> A little further down the line, perhaps in about three months, we
> hope to disable SSLv3 completely. The changes that I've just landed
> in Chrome only disable fallback to SSLv3 – a server that correctly
> negotiates SSLv3 can still use it. Disabling SSLv3 completely will
> break even more than just disabling the fallback but SSLv3 is now
> completely broken with CBC-mode ciphers and the only other option is
> RC4, which is hardly that attractive. Any servers depending on SSLv3
> are thus on notice that they need to address that now.
> 
> [...]
> ```
> 
> Further information:
> https://www.openssl.org/~bodo/ssl-poodle.pdf
> 
> Aaron
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
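One way to verify that SSLv3 is really off on a host you administer, as an added example that is not code from this thread or from the Ach project: it sends a bare SSLv3 ClientHello and classifies the first record the server returns (an Alert means SSLv3 was refused; a ServerHello carrying version 3.0 means the server still negotiates it). The cipher-suite values are constructed sample suites, and the hostname is supplied on the command line.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # SSLv3 version field in record and handshake headers

def build_sslv3_client_hello(cipher_suites=(0x002F, 0x000A, 0x0005)):
    """Minimal SSLv3 ClientHello. Sample suites (constructed for the example):
    AES128-SHA, DES-CBC3-SHA, RC4-SHA."""
    suites = b"".join(struct.pack("!H", c) for c in cipher_suites)
    body = (SSL3 + os.urandom(32) + b"\x00"          # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                             # one compression method: null
    # Handshake header: type 1 (ClientHello) + 24-bit body length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 22 (Handshake), version, 16-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first record returned for an SSLv3 ClientHello.
    Returns 'sslv3-accepted', 'sslv3-refused' or 'unknown'."""
    if len(data) < 5:
        return "unknown"
    rec_type = data[0]
    if rec_type == 0x15:                               # Alert (e.g. protocol_version)
        return "sslv3-refused"
    if rec_type == 0x16 and len(data) >= 11 and data[5] == 0x02:  # ServerHello
        # data[9:11] is the version the server actually selected
        return "sslv3-accepted" if data[9:11] == SSL3 else "unknown"
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Connect, send the SSLv3 ClientHello and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        return classify_response(s.recv(4096))

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

A result of "sslv3-accepted" means the server will still complete an SSLv3 handshake and the cipher string or protocol setting on that host needs fixing; "sslv3-refused" is the expected answer after the change discussed above.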
