
SSL - New Exploits Take a Bite

By Sid Young

Three Google engineers have recently released a paper outlining a vulnerability in SSL, which is used by all web browsers. It has been nicknamed "POODLE", which stands for Padding Oracle On Downgraded Legacy Encryption.

What is POODLE?

The vulnerability allows an attacker to expose encrypted information, and it is a potentially serious problem because SSL 3.0 is supported by both web sites and web browsers. Both must be reconfigured to prevent the use of SSL 3.0; POODLE will remain a problem for as long as SSL 3.0 is supported.

POODLE is a new security hole in Secure Sockets Layer (SSL) 3.0 that makes the protocol, now 15 years old, nearly impossible to use safely. While SSL 3.0 is no longer the most advanced form of web encryption in use (it was long ago replaced by Transport Layer Security, TLS), the exploit uses a downgrade technique to force the negotiated session back to SSL 3.0 rather than the highest available version, TLS 1.2.

SSL 3.0 is used as a fallback when browsers and secure HTTP servers encounter errors negotiating Transport Layer Security (TLS), SSL's more modern and less vulnerable replacement.

The good news is that not much of the Web relies on SSL 3.0 anymore. A recent study by the University of Michigan found few sites that rely on SSL 3.0 for anything, with less than 0.3% of secure connections between client and server depending on SSL 3.0.

The security threat that POODLE presents is that an attacker can force your browser to downgrade to SSL 3.0. After that, numerous vulnerabilities are open to them. However, the attacker must perform a "man in the middle" attack; in other words, they need to intercept your network traffic and then directly negotiate a downgrade of the security protocol.

The Solution

The solution is to disable SSL 3.0 support. Because disabling SSL 3.0 outright may cause compatibility problems for some sites and servers, administrators have also been advised to add support for TLS_FALLBACK_SCSV, a TLS signalling mechanism that stops attackers from tricking browsers into downgrading, not only to SSL 3.0 but also to TLS 1.0 and TLS 1.1, which may prevent future attacks of this kind. Google Chrome and Google's servers have supported this mechanism since February 2014, which indicates it can be deployed without compatibility problems.
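Two defender-side checks that follow from this section, added here as an example and not taken from the original post or from the linked Apache and NGINX articles: a small shell script that audits an Apache or NGINX configuration for a protocol directive that still permits SSLv3 (the weak "SSLProtocol all -SSLv2" beside the corrected "SSLProtocol all -SSLv2 -SSLv3", and the equivalent ssl_protocols lines for NGINX), and a probe that asks a live server for an SSLv3 handshake with openssl s_client and classifies the reply. The sample configuration files and the two s_client transcripts are constructed for the example; the live probe assumes an openssl build that still accepts the -ssl3 option, which newer builds do not.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Two defender-side checks for the SSL 3.0 problem described above:
#   1. sslv3_status FILE        - does an Apache or NGINX TLS config still permit SSLv3?
#   2. probe_sslv3 HOST [PORT]  - ask a live server for an SSLv3 handshake with
#                                 "openssl s_client -ssl3" and classify its answer.
# Assumptions: POSIX sh with grep/tr/mktemp; for the live probe, an openssl build
# that still has the -ssl3 option (newer builds drop SSLv3 and the option with it).

# ---------- 1. configuration audit ----------
# Prints "allowed", "disabled" or "default" for the last protocol directive in FILE.
#   Apache: "SSLProtocol all" permits SSLv3 unless "-SSLv3" is present;
#           an explicit list permits only what it names.
#   NGINX:  "ssl_protocols" permits exactly the versions it lists.
#   No directive at all: the server's compiled-in default applies, so "default".
sslv3_status() {
    file=$1
    # Take the last uncommented directive and lowercase it so matching is case-insensitive.
    apache=$(grep -i '^[[:space:]]*SSLProtocol[[:space:]]' "$file" | tail -n 1 | tr 'A-Z' 'a-z')
    nginx=$(grep -i '^[[:space:]]*ssl_protocols[[:space:]]' "$file" | tail -n 1 | tr 'A-Z' 'a-z')
    if [ -n "$apache" ]; then
        case "$apache" in
            *-sslv3*) echo disabled ;;       # "all -SSLv3": explicitly excluded
            *all*|*sslv3*) echo allowed ;;   # "all", or SSLv3 named in the list
            *) echo disabled ;;              # explicit list that omits SSLv3
        esac
    elif [ -n "$nginx" ]; then
        case "$nginx" in
            *sslv3*) echo allowed ;;
            *) echo disabled ;;
        esac
    else
        echo default
    fi
}

# ---------- constructed sample configs (not real deployments) ----------
tmp=$(mktemp -d)
weak_apache="$tmp/weak-apache.conf"; fixed_apache="$tmp/fixed-apache.conf"
weak_nginx="$tmp/weak-nginx.conf";   fixed_nginx="$tmp/fixed-nginx.conf"
printf 'SSLEngine on\nSSLProtocol all -SSLv2\n'        > "$weak_apache"   # still permits SSLv3
printf 'SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\n' > "$fixed_apache"  # the corrected setting
printf 'ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n'  > "$weak_nginx"    # SSLv3 listed
printf 'ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n'        > "$fixed_nginx"   # TLS only

for f in "$weak_apache" "$fixed_apache" "$weak_nginx" "$fixed_nginx"; do
    echo "$(basename "$f"): SSLv3 $(sslv3_status "$f")"
done

# ---------- 2. live handshake probe ----------
# Interprets captured "openssl s_client -ssl3" output. A server that still speaks
# SSLv3 completes the handshake and reports "Protocol  : SSLv3" in its session
# summary; a hardened server answers with a handshake-failure or protocol-version alert.
classify_probe_output() {
    case "$1" in
        *"Protocol  : SSLv3"*) echo accepted ;;
        *"handshake failure"*|*"protocol version"*|*"wrong version number"*|*"unsupported protocol"*)
            echo rejected ;;
        *) echo inconclusive ;;   # e.g. "unknown option -ssl3" on a modern openssl
    esac
}

probe_sslv3() {
    host=$1; port=${2:-443}
    out=$(printf 'Q\n' | openssl s_client -connect "$host:$port" -ssl3 2>&1)
    classify_probe_output "$out"
}

# Constructed, abridged transcripts of what s_client prints in each case (not captured
# from any real host), so the classifier can be exercised offline.
accepting_server='CONNECTED(00000003)
---
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES128-SHA
---'
refusing_server='CONNECTED(00000003)
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
no peer certificate available'
echo "constructed accepting transcript -> SSLv3 $(classify_probe_output "$accepting_server")"
echo "constructed refusing transcript  -> SSLv3 $(classify_probe_output "$refusing_server")"

# Live check only when a host is given on the command line, e.g. ./check.sh example.com 443
if [ $# -ge 1 ]; then
    echo "$1: SSLv3 $(probe_sslv3 "$1" "$2")"
fi
```

The audit only reads the last protocol directive in a file, so a virtual host that overrides the global setting must be checked on its own; and a "rejected" result from the live probe means the server refused SSLv3 on that port, not that TLS_FALLBACK_SCSV is also in place.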

What YOU can do

In your web browser, open its settings and, under the Advanced or Security tabs, uncheck any support options for SSLv3. Mozilla Firefox has a security add-on that can do this, and Chrome also supports a command-line option to disable SSL 3.0: --ssl-version-min=tls1. In Internet Explorer it is under "Internet Options", on the "Advanced" tab: scroll down the list, uncheck the "SSL 3.0" checkbox and ensure the TLS options are checked.


For more information, see the articles below:

The Google article is here in PDF form.

Disable SSLv3 support in the Apache Web Server

Disable SSLv3 support in the NGINX Web Server