oss-sec mailing list archives
Re: SSL POODLE
From: Florian Weimer <fweimer () redhat com>
Date: Wed, 15 Oct 2014 09:10:24 +0200
On 10/15/2014 08:05 AM, Krassimir Tzvetanov wrote:
Agreed: just I think you meant "1": security.tls.version.min == 1 (not 3)... from: http://kb.mozillazine.org/Security.tls.version.* --- 1 TLS 1.0 is the minimum required / maximum supported encryption protocol. (This is the current default for the maximum supported version.) ---
What seems to get lost is this part of Mozilla's announcement:“This relies on a behavior of browsers called insecure fallback, where browsers attempt to negotiate lower versions of TLS or SSL when connections fail.”
<https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/>As far as I can tell, the TLS downgrade protection mechanism work. However, browsers have an out-of-protocol, unprotected downgrade mechanism to SSL 3.0. (The Firefox function is called “retryDueToTLSIntolerance”.) I think we would be better off disabling *that* mechanism (for which configuration knob seems to exist, alas), instead of disabling SSL 3.0 or adding a different protocol version probing mechanism.
From what I can tell, applications which simply use one the usual TLS implementations and do not implement their own protocol downgrade are still secure even if both ends implement SSL 3.0 support because the version numbers are protected by the handshake hash and the TLS implementation will never negotiate use of the SSL 3.0 protocol version.
-- Florian Weimer / Red Hat Product Security
Current thread:
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:), (continued)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall (Oct 29)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Nov 03)
- Re: SSL POODLE (Truly scary SSL 3.0 vuln) gremlin (Oct 14)
- Re: SSL POODLE (Truly scary SSL 3.0 vuln) Krassimir Tzvetanov (Oct 14)
- Re: SSL POODLE Florian Weimer (Oct 15)
- Re: SSL POODLE Hanno Böck (Oct 15)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 15)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: mancha (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Krassimir Tzvetanov (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Ben Lincoln (0E1C7DBB - OSS) (Oct 15)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 15)