SSL POODLE attacks on SSLv3 vulnerability

eva2000 · Oct 16, 2014

Disabling SSLv3 on your web browser side Protecting Browsers against POODLE

Use dev version of ssllabs client test for checking browser has SSLv3 disabled Qualys SSL Labs - Projects / SSL Client Test The non-dev version doesn't properly report disabled SSLv3

eva2000 · Oct 16, 2014

Cloudflare disables SSLv3 across their network SSLv3 Support Disabled By Default Due to POODLE Vulnerability

Generally, modern browsers will default to a more modern encryption protocol (e.g., TLSv1.2). However, it's possible for an attacker to simulate conditions in many browsers that will cause them to fall back to SSLv3. The risk from this vulnerability is that if an attacker could force a downgrade to SSLv3 then any traffic exchanged over an encrypted connection using that protocol could be intercepted and read.

In response, CloudFlare has disabled SSLv3 across our network by default for all customers. This will have an impact on some older browsers, resulting in an SSL connection error. The biggest impact is Internet Explorer 6 running on Windows XP or older. To quantify this, we've been tracking SSLv3 usage.

SSLv3 Usage Stats
Across our network, 0.09% of all traffic is SSLv3. For HTTPS traffic, 0.65% across our network uses SSLv3. The good news is most of that traffic is actually attack traffic and some minor crawlers. For real visitor traffic, today 3.12% of CloudFlare's total SSL traffic comes from Windows XP users. Of that, 1.12% Windows XP users connected using SSLv3. In other words, even on an out-of-date operating system, 98.88% Windows XP users connected using TLSv1.0+ — which is not vulnerable to this vulnerability.

Beyond human browser traffic, some crawlers default to SSLv3. The largest crawler we see defaulting to SSLv3 is Pingdom's. [Added Oct 15, 2014: The original statement is true. However, Pingdom's crawler appropriately tests with TLS if SSLv3 is not available, and always has, so there's no impact to availability monitoring. Apologies for any confusion on this point. Original text follows, but their crawler has and does support HTTPS over other protocols.]Pingdom is a CloudFlare partner. We alerted them to this issue and are actively working with them to ensure that their crawler will support HTTPS over a protocol other than SSLv3.
Click to expand...

eva2000 · Oct 16, 2014

SSLLabs test has added Poodle advisory check message which seems to check for TLS_FALLBACK_SCSV support Qualys SSL Labs - Projects / SSL Server Test

for forums community.centminmod.com RSA 2048 bit with Cloudflare RC4 Kill patch + OpenSSL 1.0.2 beta4 + chacha20_poly1305 cipher support + (will implement OpenSSL 1.0.2 patch for TLS_FALLBACK_SCSV later today although not necessary as I have SSLv3 disabled)

for sslspdy.com which uses ECC 256 bit certificates with Cloudflare RC4 Kill patch + OpenSSL 1.0.2 beta4 + chacha20_poly1305 cipher support + OpenSSL 1.0.2 patch for TLS_FALLBACK_SCSV

eva2000 · Oct 16, 2014

FYI, this very forum has now updated to using Centmin Mod .08 beta code from this point foward combined with bleeding edge SSL config setup Upgrades to Centmin Mod .08 beta and OpenSSL 1.0.2 with POODLE SSLv3 patch | Centmin Mod Community

rdan · Oct 16, 2014

I just used Florens openssl repo

rdan · Oct 16, 2014

I hope I'm fine Qualys SSL Labs - Projects / SSL Server Test / phcorner.net

eva2000 · Oct 16, 2014

RoldanLT said: ↑

I hope I'm fine Qualys SSL Labs - Projects / SSL Server Test / phcorner.net
Click to expand...

looks good to me

rdan · Oct 16, 2014

Bye bye XP users

eva2000 · Oct 16, 2014

RoldanLT said: ↑

Bye bye XP users
Click to expand...

yeah only ~0.0032% for me

rdan · Oct 16, 2014

Woh!
Still wanting to remove ssl/https completely.
I hope there's a solution?

eva2000 · Oct 16, 2014

RoldanLT said: ↑

Woh!
Still wanting to remove ssl/https completely.
I hope there's a solution?
Click to expand...

you going back to non-https ?

rdan · Oct 16, 2014

eva2000 said: ↑

you going back to non-https ?
Click to expand...

Yes if there's a solution?

rdan · Oct 16, 2014

I mean for all my old visitors to force back also to http without redirect loop problem.

eva2000 · Oct 16, 2014

RoldanLT said: ↑

I mean for all my old visitors to force back also to http without redirect loop problem.
Click to expand...

AFAIK, you'd have to suffer through that - well your visitors would

eva2000 · Oct 17, 2014

Redhat OpenSSL updates for TLS_FALLBACK_SCSV support available now Red Hat Customer Portal. Guess waiting on CentOS equivalent releases

Bugs fixed (see bugzilla for more information)
1152789 - CVE-2014-3566 openssl: Padding Oracle On Downgraded Legacy Encryption attack
1152953 - CVE-2014-3513 openssl: SRTP memory leak causes crash when using specially-crafted handshake message
1152961 - CVE-2014-3567 openssl: Invalid TLS/SSL session tickets could cause memory leak leading to server crash
Click to expand...

For Redhat 6 64bit
Code:
x86_64:
openssl-1.0.1e-30.el6_6.2.i686.rpm        MD5: 278926b7afa624194b03a79c81379dcd
SHA-256: e85e84237f069e64333603fbed965b4d0b034c2933c9160eaf4b605d8c3ccd16
openssl-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: 77288f1243c4bf199fc4b6f744f13c89
SHA-256: 904b7d8367de9f94c1878720e634a226ea3c1f67067af6a939dd05f68e7ab1ac
openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm        MD5: a5c62586bfddcfe2d18bf4910685d16a
SHA-256: 5ad1eb82ca9b17be5cd78e39e1e3ec8048e10ecc2bf9b009421680f5bb439064
openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: 70bd38e4cdbb698e355c9dbbcd1091f1
SHA-256: be01e3eb8e1cfdc95c91f7d634c6b76a119c3bc1c74e02affccc67f66d518735
openssl-devel-1.0.1e-30.el6_6.2.i686.rpm        MD5: 1e968a7dabf5d30fa6fad4b8451eff21
SHA-256: 32f1611b3c8934fc10ac3ed87e57847bdaa4f4aebb21ed25d3b6c005722d1bda
openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: 5aa28f964c7ae6281e16887edbdcd0c8
SHA-256: dcbbbd1b21733e3e3168897120bfc1674c051c4efe7a621d5c5dece211169207
openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: 208235778b4409742d1468053e6d5dd7
SHA-256: f14e04f00a6ac0ee2583094cb42c191016fe93aa628360d71063ad245259e8b3
openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: eb5521bb44c64ca8df7fe83effaa601b
SHA-256: 31cbe1c6d6b434cddca35a1c27b707e5b0587c6101d1adf003b3c6f6bb1bb397
For Redhat 7 64bit
Code:
x86_64:
openssl-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: 20f3de478123189454e8391c7e7f5fba
SHA-256: 92bd4a7ca76174a626894947455f79d591bc400a5fb001fb38d604409a70f444
openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm        MD5: 705d3b4ec60c2ed413cfa50f0afeabba
SHA-256: e1c4fc368277f02bc2d0657955a36403c1555ab38fa9d0c865c5383febc2b98a
openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: 0f6e778f0130698ffd7acc0ad54e2547
SHA-256: 260aeffe0edec7306702c983670b631dd6c7134c6121cabaf033a4c393f90d86
openssl-devel-1.0.1e-34.el7_0.6.i686.rpm        MD5: 8adc48e8f6630c2aa91913c882e3e36d
SHA-256: c7c811a6c9ceca5e474d223939f6f014613f59eac1c2cf1d910bc25faf1195a7
openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: ebfeeea65c5f39bb6ab81dd840c62533
SHA-256: 74f6d0ccfaefdbb042a91fac6111a0ec9c431c0c97528ff147ad839b55fe19de
openssl-libs-1.0.1e-34.el7_0.6.i686.rpm        MD5: faf2536727c4351f63e42f8a62fe6d5e
SHA-256: 0e1307b329d32000b853b3614b5f1e6d88cb673fa5614d5e499802dc8967ca12
openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: a821939689a064a7136fa721a0a07962
SHA-256: b3f6d8b2c201705829d104c0f3c7b03420dd937f3c191aaec6b53c6d43118f25
openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: 3b693add6dd2f2ab323ba1cf3e93a914
SHA-256: f8a5d90f16fa82f10f2c368ce7111a111006d31a6e43cb5e018055d62d825ea7
openssl-static-1.0.1e-34.el7_0.6.i686.rpm        MD5: 58f3806d1649f7a2a934ebe774818fe7
SHA-256: 9c4c823b0ced1577b2775b63365fd096c1ecb70e9ee837d5b3a5089870349d48
openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: e7a9eeae6cee59e355411aaa02a6b07d
SHA-256: 3ed6dda62bad80d31b28ae4b159ed3fe4b98ea2bcbdc2caef9f6ea8d56391b26
Details
Updated openssl packages that contain a backported patch to mitigate the
CVE-2014-3566 issue and fix two security issues are now available for Red
Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.

This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see the Knowledgebase article
at POODLE: SSLv3 vulnerability (CVE-2014-3566) - Red Hat Customer Portal

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure
Real-time Transport Protocol (SRTP) extension data. A remote attacker could
send multiple specially crafted handshake messages to exhaust all available
memory of an SSL/TLS or DTLS server. (CVE-2014-3513)

A memory leak flaw was found in the way an OpenSSL handled failed session
ticket integrity checks. A remote attacker could exhaust all available
memory of an SSL/TLS or DTLS server by sending a large number of invalid
session tickets to that server. (CVE-2014-3567)

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to mitigate the CVE-2014-3566 issue and correct
the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,
all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Click to expand...

eva2000 · Oct 17, 2014

More POODLE SSLv3 explanations in laymen terms at Errata Security: Some POODLE notes

eva2000 · Oct 17, 2014

updates for CentOS are upon us

CentOS 6.5 32bit

Code:

yum clean all -q; yum list updates -q
Updated Packages
openssl.i686                                                                 1.0.1e-30.el6_5.2                                                           updates
openssl-devel.i686                                                           1.0.1e-30.el6_5.2                                                           updates

CentOS 7.0 64bit

Code:

yum clean all -q; yum list updates -q
Updated Packages
openssl.x86_64                                                               1:1.0.1e-34.el7_0.6                                                         updates
openssl-devel.x86_64                                                         1:1.0.1e-34.el7_0.6                                                         updates
openssl-libs.x86_64                                                          1:1.0.1e-34.el7_0.6                                                         updates

For CentOS 7

Code:

rpm -qa -changelog openssl | head -n5
* Wed Oct 15 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-34.6
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
  (padding attack on SSL3)

For CentOS 6

Code:

rpm -qa -changelog openssl | head -n5
* Wed Oct 15 2014 TomÃ¡Å¡ MrÃ¡z <tmraz@redhat.com> 1.0.1e-30.2
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
  (padding attack on SSL3)

Guilherme Jaccoud · Oct 17, 2014

All my websites are behind CloudFlare. Does it mean I am protected?

rdan · Oct 17, 2014

Guilherme Jaccoud said: ↑

All my websites are behind CloudFlare. Does it mean I am protected?
Click to expand...

Yes.

eva2000 · Oct 17, 2014

Guilherme Jaccoud said: ↑

All my websites are behind CloudFlare. Does it mean I am protected?
Click to expand...

yeah but still worth updating on your server end

not the best way to die - funny google heading

Log in / Register

Forums

Join the community today

SSL POODLE attacks on SSLv3 vulnerability

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Guilherme Jaccoud Member

rdan Well-Known Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Join the community today

SSL POODLE attacks on SSLv3 vulnerability

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

rdan Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

Guilherme Jaccoud Member

rdan Well-Known Member

eva2000 Administrator Staff Member

.