L. Aaron Kaplan
aaron at lo-res.org
Wed Oct 15 08:39:24 CEST 2014
> On 15.10.2014, at 01:50, Aaron Zauner <azet at azet.org> wrote:
> Guess it's good we opted to forbid SSLv3 where possible:
We should also reference their paper and explain why we disabled it.
BTW: for that we'll need the cipherstringB macro again - to replace the cipherstring in the document in a consistent way.
> My colleague, Bodo Möller, in collaboration with Thai Duong and
> Krzysztof Kotowicz (also Googlers), just posted details about a
> padding oracle attack against CBC-mode ciphers in SSLv3. This
> attack, called POODLE, is similar to the BEAST attack and also
> allows a network attacker to extract the plaintext of targeted parts
> of an SSL connection, usually cookie data. Unlike the BEAST attack,
> it doesn't require such extensive control of the format of the
> plaintext and thus is more practical.
> A little further down the line, perhaps in about three months, we
> hope to disable SSLv3 completely. The changes that I've just landed
> in Chrome only disable fallback to SSLv3 – a server that correctly
> negotiates SSLv3 can still use it. Disabling SSLv3 completely will
> break even more than just disabling the fallback but SSLv3 is now
> completely broken with CBC-mode ciphers and the only other option is
> RC4, which is hardly that attractive. Any servers depending on SSLv3
> are thus on notice that they need to address that now.
> Further information:
> Ach mailing list
> Ach at lists.cert.at
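As an added illustration, not part of the original mail or of the ACH document, of why SSLv3 CBC records leak through their padding check in a way TLS 1.0+ records do not (the point the document would need to explain when it disables SSLv3): the two checks below follow the SSLv3 and RFC 5246 padding rules, and the all-padding final block is a simplified model in which the MAC is only found at the right offset when the padding length is exactly one block minus one. All block values and the "SSLv3"/"TLS" labels are constructed for the demonstration; no real MAC is computed.

```python
from typing import Callable, Optional

BLOCK = 16  # AES block size; for 3DES it would be 8, the logic is the same


def sslv3_padding_length(block: bytes) -> Optional[int]:
    """SSLv3 CBC padding: only the final byte (the padding length) is
    interpreted, and it merely has to be smaller than the block size.
    The padding bytes in front of it are unspecified and never checked."""
    n = block[-1]
    return n if n < BLOCK else None


def tls_padding_length(block: bytes) -> Optional[int]:
    """TLS 1.0+ CBC padding (RFC 5246, 6.2.3.2): the length byte must be
    preceded by that many bytes, each equal to the length. Restricted here
    to padding that fits inside the final block."""
    n = block[-1]
    if n >= BLOCK or any(b != n for b in block[-1 - n:-1]):
        return None
    return n


def accepted_last_bytes(check: Callable[[bytes], Optional[int]], filler: bytes) -> set:
    """Exhaustively list which values of the final byte make the block
    (filler + that byte) pass the given padding check."""
    return {b for b in range(256) if check(filler + bytes([b])) is not None}


def full_padding_block_accepted(block: bytes, version: str) -> bool:
    """Model the case where the last block of a record is nothing but
    padding, so the MAC sits in the block before it. The receiver reads the
    MAC from the correct offset only when the padding length equals BLOCK-1;
    under SSLv3 that is the only constraint on the decrypted block, under
    TLS every byte of the block is constrained."""
    check = sslv3_padding_length if version == "SSLv3" else tls_padding_length
    return check(block) == BLOCK - 1


if __name__ == "__main__":
    filler = b"\xab" * (BLOCK - 1)  # constructed: arbitrary non-padding bytes
    print(sorted(accepted_last_bytes(sslv3_padding_length, filler)))  # [0, ..., 15]
    print(sorted(accepted_last_bytes(tls_padding_length, filler)))    # [0]
    # constructed decrypt of a final block whose last byte happens to be 15
    junk = bytes(range(BLOCK))
    print(full_padding_block_accepted(junk, "SSLv3"))  # True
    print(full_padding_block_accepted(junk, "TLS"))    # False
```

The SSLv3 check accepts one in 256 arbitrary final blocks in the all-padding case, whereas the TLS check accepts only the single block of sixteen 0x0f bytes, which is why the problem cannot be patched in a protocol-conforming SSLv3 implementation and the only remedy is to turn the version off.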