[Ach] POODLE
L. Aaron Kaplan
aaron at lo-res.org
Wed Oct 15 08:39:24 CEST 2014
---
> On 15.10.2014, at 01:50, Aaron Zauner <azet at azet.org> wrote:
>
> Hi,
>
> Guess it's good we opted to forbid SSLv3 where possible:
>
> https://www.imperialviolet.org/2014/10/14/poodle.html
>
ACK!
We should also reference their paper and explain why we disabled it.
BTW: for that we'll need the cipherstringB macro again - to replace the cipherstring in the document in a consistent way.
> Quote:
> ```
> My colleague, Bodo Möller, in collaboration with Thai Duong and
> Krzysztof Kotowicz (also Googlers), just posted details about a
> padding oracle attack against CBC-mode ciphers in SSLv3. This
> attack, called POODLE, is similar to the BEAST attack and also
> allows a network attacker to extract the plaintext of targeted parts
> of an SSL connection, usually cookie data. Unlike the BEAST attack,
> it doesn't require such extensive control of the format of the
> plaintext and thus is more practical.
>
> [...]
>
> A little further down the line, perhaps in about three months, we
> hope to disable SSLv3 completely. The changes that I've just landed
> in Chrome only disable fallback to SSLv3 – a server that correctly
> negotiates SSLv3 can still use it. Disabling SSLv3 completely will
> break even more than just disabling the fallback but SSLv3 is now
> completely broken with CBC-mode ciphers and the only other option is
> RC4, which is hardly that attractive. Any servers depending on SSLv3
> are thus on notice that they need to address that now.
>
> [...]
> ```
>
> Further information:
> https://www.openssl.org/~bodo/ssl-poodle.pdf
>
> Aaron
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
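The thread's practical point is that SSLv3 has to be refused wherever the server configuration allows it. As an added example (not part of this thread or of the Ach project's own material), the Python audit below resolves Apache `SSLProtocol` and nginx `ssl_protocols` directives and flags any that still leave SSLv2 or SSLv3 negotiable; the expansion of Apache's `all` keyword and the sample configuration lines are assumptions constructed for this example.

```python
import re

# Assumption: Apache 2.4 expands "all" to these (2.2 also included SSLv2);
# SSLv2 is still caught when listed explicitly.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
FORBIDDEN = {"sslv2", "sslv3"}

def apache_protocols(value):
    """Resolve an Apache SSLProtocol value, honouring +/- prefixes left to right."""
    enabled = set()
    for tok in value.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = APACHE_ALL if name.lower() == "all" else {name.lower()}
        enabled = enabled | names if sign == "+" else enabled - names
    return enabled

def nginx_protocols(value):
    """nginx ssl_protocols lists enabled versions explicitly; nothing is implied."""
    return {tok.lower() for tok in value.rstrip(";").split()}

def audit(config_text):
    """Return (line, directive, enabled) for each directive that still allows SSLv2/3."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = re.match(r"SSLProtocol\s+(.+)", stripped, re.IGNORECASE)
        if m:
            directive, enabled = "SSLProtocol", apache_protocols(m.group(1))
        else:
            m = re.match(r"ssl_protocols\s+(.+)", stripped)
            if not m:
                continue
            directive, enabled = "ssl_protocols", nginx_protocols(m.group(1))
        if enabled & FORBIDDEN:
            findings.append((lineno, directive, sorted(enabled)))
    return findings

# Constructed sample: a weak and a hardened variant of each directive.
SAMPLE_CONFIG = """\
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
"""
# audit(SAMPLE_CONFIG) flags lines 1 and 3
```

The first Apache line is the pre-POODLE idiom: `all -SSLv2` looks restrictive but still expands to SSLv3, which is exactly the setting the thread says must go.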