SSL POODLE attacks on SSLv3 vulnerability

Disabling SSLv3 on your web browser side Protecting Browsers against POODLE

Use dev version of ssllabs client test for checking browser has SSLv3 disabled Qualys SSL Labs - Projects / SSL Client Test The non-dev version doesn't properly report disabled SSLv3

---

 

Cloudflare disables SSLv3 across their network SSLv3 Support Disabled By Default Due to POODLE Vulnerability

 

SSLLabs test has added Poodle advisory check message which seems to check for TLS_FALLBACK_SCSV support Qualys SSL Labs - Projects / SSL Server Test

for forums community.centminmod.com RSA 2048 bit with Cloudflare RC4 Kill patch + OpenSSL 1.0.2 beta4 + chacha20_poly1305 cipher support + (will implement OpenSSL 1.0.2 patch for TLS_FALLBACK_SCSV later today although not necessary as I have SSLv3 disabled)




for sslspdy.com which uses ECC 256 bit certificates with Cloudflare RC4 Kill patch + OpenSSL 1.0.2 beta4 + chacha20_poly1305 cipher support + OpenSSL 1.0.2 patch for TLS_FALLBACK_SCSV

 

FYI, this very forum has now updated to using Centmin Mod .08 beta code from this point foward combined with bleeding edge SSL config setup Upgrades to Centmin Mod .08 beta and OpenSSL 1.0.2 with POODLE SSLv3 patch | Centmin Mod Community

 

looks good to me

 

yeah only ~0.0032% for me

 

you going back to non-https ?

 

AFAIK, you'd have to suffer through that - well your visitors would

 

Redhat OpenSSL updates for TLS_FALLBACK_SCSV support available now Red Hat Customer Portal. Guess waiting on CentOS equivalent releases

For Redhat 6 64bit

Code:

x86_64:
openssl-1.0.1e-30.el6_6.2.i686.rpm        MD5: 278926b7afa624194b03a79c81379dcd
SHA-256: e85e84237f069e64333603fbed965b4d0b034c2933c9160eaf4b605d8c3ccd16
openssl-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: 77288f1243c4bf199fc4b6f744f13c89
SHA-256: 904b7d8367de9f94c1878720e634a226ea3c1f67067af6a939dd05f68e7ab1ac
openssl-debuginfo-1.0.1e-30.el6_6.2.i686.rpm        MD5: a5c62586bfddcfe2d18bf4910685d16a
SHA-256: 5ad1eb82ca9b17be5cd78e39e1e3ec8048e10ecc2bf9b009421680f5bb439064
openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: 70bd38e4cdbb698e355c9dbbcd1091f1
SHA-256: be01e3eb8e1cfdc95c91f7d634c6b76a119c3bc1c74e02affccc67f66d518735
openssl-devel-1.0.1e-30.el6_6.2.i686.rpm        MD5: 1e968a7dabf5d30fa6fad4b8451eff21
SHA-256: 32f1611b3c8934fc10ac3ed87e57847bdaa4f4aebb21ed25d3b6c005722d1bda
openssl-devel-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: 5aa28f964c7ae6281e16887edbdcd0c8
SHA-256: dcbbbd1b21733e3e3168897120bfc1674c051c4efe7a621d5c5dece211169207
openssl-perl-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: 208235778b4409742d1468053e6d5dd7
SHA-256: f14e04f00a6ac0ee2583094cb42c191016fe93aa628360d71063ad245259e8b3
openssl-static-1.0.1e-30.el6_6.2.x86_64.rpm        MD5: eb5521bb44c64ca8df7fe83effaa601b
SHA-256: 31cbe1c6d6b434cddca35a1c27b707e5b0587c6101d1adf003b3c6f6bb1bb397

For Redhat 7 64bit

Code:

x86_64:
openssl-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: 20f3de478123189454e8391c7e7f5fba
SHA-256: 92bd4a7ca76174a626894947455f79d591bc400a5fb001fb38d604409a70f444
openssl-debuginfo-1.0.1e-34.el7_0.6.i686.rpm        MD5: 705d3b4ec60c2ed413cfa50f0afeabba
SHA-256: e1c4fc368277f02bc2d0657955a36403c1555ab38fa9d0c865c5383febc2b98a
openssl-debuginfo-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: 0f6e778f0130698ffd7acc0ad54e2547
SHA-256: 260aeffe0edec7306702c983670b631dd6c7134c6121cabaf033a4c393f90d86
openssl-devel-1.0.1e-34.el7_0.6.i686.rpm        MD5: 8adc48e8f6630c2aa91913c882e3e36d
SHA-256: c7c811a6c9ceca5e474d223939f6f014613f59eac1c2cf1d910bc25faf1195a7
openssl-devel-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: ebfeeea65c5f39bb6ab81dd840c62533
SHA-256: 74f6d0ccfaefdbb042a91fac6111a0ec9c431c0c97528ff147ad839b55fe19de
openssl-libs-1.0.1e-34.el7_0.6.i686.rpm        MD5: faf2536727c4351f63e42f8a62fe6d5e
SHA-256: 0e1307b329d32000b853b3614b5f1e6d88cb673fa5614d5e499802dc8967ca12
openssl-libs-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: a821939689a064a7136fa721a0a07962
SHA-256: b3f6d8b2c201705829d104c0f3c7b03420dd937f3c191aaec6b53c6d43118f25
openssl-perl-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: 3b693add6dd2f2ab323ba1cf3e93a914
SHA-256: f8a5d90f16fa82f10f2c368ce7111a111006d31a6e43cb5e018055d62d825ea7
openssl-static-1.0.1e-34.el7_0.6.i686.rpm        MD5: 58f3806d1649f7a2a934ebe774818fe7
SHA-256: 9c4c823b0ced1577b2775b63365fd096c1ecb70e9ee837d5b3a5089870349d48
openssl-static-1.0.1e-34.el7_0.6.x86_64.rpm        MD5: e7a9eeae6cee59e355411aaa02a6b07d
SHA-256: 3ed6dda62bad80d31b28ae4b159ed3fe4b98ea2bcbdc2caef9f6ea8d56391b26

 

More POODLE SSLv3 explanations in laymen terms at Errata Security: Some POODLE notes

 

updates for CentOS are upon us

CentOS 6.5 32bit

Code:

yum clean all -q; yum list updates -q
Updated Packages
openssl.i686                                                                 1.0.1e-30.el6_5.2                                                           updates
openssl-devel.i686                                                           1.0.1e-30.el6_5.2                                                           updates

CentOS 7.0 64bit

Code:

yum clean all -q; yum list updates -q
Updated Packages
openssl.x86_64                                                               1:1.0.1e-34.el7_0.6                                                         updates
openssl-devel.x86_64                                                         1:1.0.1e-34.el7_0.6                                                         updates
openssl-libs.x86_64                                                          1:1.0.1e-34.el7_0.6                                                         updates

For CentOS 7

Code:

rpm -qa -changelog openssl | head -n5
* Wed Oct 15 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-34.6
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
  (padding attack on SSL3)

For CentOS 6

Code:

rpm -qa -changelog openssl | head -n5
* Wed Oct 15 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-30.2
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
  (padding attack on SSL3)

 

yeah but still worth updating on your server end

not the best way to die - funny google heading