oss-sec mailing list archives

Re: SSL POODLE

From: Hanno Böck <hanno () hboeck de>
Date: Wed, 15 Oct 2014 09:20:18 +0200

Am Wed, 15 Oct 2014 09:10:24 +0200
schrieb Florian Weimer <fweimer () redhat com>:

As far as I can tell, the TLS downgrade protecton mechanism
work. However, browsers have an out-of-protocol, unprotected
downgrade mechanism to SSL 3.0.  (The Firefox function is called 
“retryDueToTLSIntolerance”.)  I think we would be better off
disabling *that* mechanism (for which configuration knob seems to
exist, alas), instead of disabling SSL 3.0 or adding a different
protocol version probing mechanism.


+1

I've argued for that since... 2008!
https://bugzilla.mozilla.org/show_bug.cgi?id=450280

Basically that's one of the scary parts of this:
1. We have an in-protocol downgrade mechanism
2. People develop broken SSL implementations that don't work with that
3. Browsers have a non-protocol workaround that allows out-of-protocol
downgrades
4. These downgrades cause compatibility issues
5. People put more duct tape around this workaround (that's not part of
the protocol) by inventing a new protocol (SCSV) that adds more
complexity to TLS
6. These downgrades cause security issues (NOT the first time!
One of the Blackhat Virtual Host Confusion attacks also relied on these
downgrades)

Basically I'd group POODLE together with BERserk as the "we could've
avoided it"-vulnerabilities in SSL/TLS.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: signature.asc
Description:

Current thread:

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:), (continued)
- - - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Nov 03)
    - Re: SSL POODLE (Truly scary SSL 3.0 vuln) gremlin (Oct 14)
    - Re: SSL POODLE (Truly scary SSL 3.0 vuln) Krassimir Tzvetanov (Oct 14)
    - Re: SSL POODLE Florian Weimer (Oct 15)
    - Re: SSL POODLE Hanno Böck (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
    - RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: mancha (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Krassimir Tzvetanov (Oct 14)
  - Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Ben Lincoln (0E1C7DBB - OSS) (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 15)
  - Re: Truly scary SSL 3.0 vuln to be revealed soon: ishish (Oct 16)
    - RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 16)

(Thread continues...)