Twitter, Cloudflare kill SSL 3.0 ... and here's how YOU CAN TOO
Flawed HTTPS protocol axed amid attack fears
Poodle Websites and web browser makers are moving quickly to ditch the outdated SSL 3.0 encryption protocol for HTTPS following the discovering of a worrying design flaw.
On Tuesday, Google researchers published details about the shortcoming, dubbed POODLE, which allows eavesdroppers to crack encrypted web traffic.
More specifically, it allows hackers to intercept and decrypt sensitive information – such as secret session cookies – in transit, and ultimately hijack victims' online accounts.
Ideally, websites and browsers should use TLS 1.2 for protecting data on-the-fly, but POODLE attacks use a loophole to force software to drop down to SSL 3.0, an 18-year-old protocol that was superseded by TLS. Once a website and web browser are using SSL 3.0, attackers can exploit a design flaw in the protocol to decrypt the information they need.
The best course of action is to disable SSL 3.0 support and use just TLS – and Twitter says it's done exactly that.
We have disabled SSLv3 protocol support in response to the vulnerability published today. You may need to update your browser to use Twitter— Twitter Security (@twittersecurity) October 15, 2014
Similarly, Cloudflare said it has disabled SSL 3.0 on its web servers, forcing users of outdated browsers and OSes (cough, IE6 and Windows XP) to upgrade if their software cannot support TLS.
"CloudFlare has disabled SSLv3 across our network by default for all customers. This will have an impact on some older browsers, resulting in an SSL connection error," CloudFlare said in its alert.
"The biggest impact is Internet Explorer 6 running on Windows XP or older."
While Cloudflare acknowledged that some users will need to upgrade to continue accessing the service, the number of those affected will likely be extremely small. CloudFare said 98.88 per cent of connections to its servers from Windows XP machines are able to support the more robust TLS.
As Akamai explains, the flaw is not one that can be addressed with a patch or update, but rather, is the death knell for SSL 3.0.
"On its own, POODLE merely makes certain cipher choices no longer as trustworthy," the company said.
"Unfortunately, these were the last ciphers that were even moderately trustworthy - the other ciphers available in SSLv3 having fallen into untrustworthiness due to insufficient key size (RC2, DES, Export ciphers); cryptanalytic attacks (RC4); or a lack of browser support (RC2, SEED, Camellia). The POODLE attack takes out the remaining two (3DES and AES) as trustworthy (and covers SEED and Camellia as well, so we can't advocate for those)."
Overnight and through Wednesday, website admins across the world have reported that they've restarted their server software with SSL 3.0 support disabled to kill off POODLE attacks. Mozilla said Firefox will dump the protocol in version 34 of the web browser, due out in November.
Google Chrome will also shortly lose SSL 3.0 support, too. It also uses a TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) to prevent attacks like POODLE – provided the web server at the other end also supports this mechanism.
This value is introduced while an encrypted connection is established, and it blocks attempts to downgrade the security protocols used. With the value set, the browser and website will not use SSL 3 over TLS 1.2, for example. This should prevent future attacks that rely on watering down HTTPS connections.
Google's engineers, unsurprisingly, recommend browsers and web servers use TLS_FALLBACK_SCSV: the company's servers and browser support the value. In the meantime, disabling SSL 3.0 is a good start.
"It [the TLS_FALLBACK_SCSV value] doesn't actually resolve the POODLE vulnerability, it just means that clients and servers can continue to support SSLv3 where absolutely needed without exposing everyone to the same risk," explained security consultant Scott Helme.
"Ideally, SSLv3 should be consigned to the scrap heap and clients/servers should move on to newer and better protocols like TLS. After all, it is almost 18 years old and was superseded by TLS 15 years ago."
For those looking to protect their browsers and servers from the POODLE attack, Helme has provided detailed configuration walkthroughs on his site. ®