[Nsi-wg] The POODLE attack on SSLv3
Henrik Thostrup Jensen
htj at nordu.net
Wed Oct 15 05:34:38 EDT 2014
Hi
Some of you have probably seen this:
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
As we have mandated use of TLS 1.0 (which is the successor to SSLv3), an
NSI implementation should not be vulnerable.
***
If you are responsible for an NSI implementation, please double check that
SSLv3 is not allowed (the default contexts often allow this).
***
AFAICT even NSI agents supporting SSLv3 are not vulnerable to the attack
as we authenticate the client and do not use HTTP session keys (the POODLE
attack uses single-byte leaking to grab a session key by inserting
requests into an unencrypted side-channel and reusing it in a new session).
Further, there is some rumor mongering concerning TLS 1.0/1.1 being
disabled in some places. These two have a lot of similarity to SSLv3, but are
NOT vulnerable to the same attack. While I don't think they can be
vulnerable to a similar attack (but I am not really qualified to guess), a
lot of clever people will be looking into creating variants of this attack
in the next months. So consider supporting TLS 1.2 sooner rather than
later.
Best regards, Henrik
Henrik Thostrup Jensen <htj at nordu.net>
Software Developer, NORDUnet
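The "double check that SSLv3 is not allowed" step above, as an added example that is not part of the original post: a small audit of a Python `ssl.SSLContext` that reports whether SSLv3 is still permitted, plus a hardening step that applies the post's advice (TLS 1.2 minimum, client authentication). The `legacy_context()` helper is constructed for the demo to mimic a 2014-era permissive default; `harden()` and `audit()` are hypothetical helper names.

```python
import ssl


def allows_sslv3(ctx: ssl.SSLContext) -> bool:
    """Configuration-level check: does this context still permit SSLv3?

    Two independent knobs decide it: the minimum protocol version and the
    OP_NO_SSLv3 option. SSLv3 is ruled out if either one excludes it.
    Whether SSLv3 could actually be negotiated also depends on the OpenSSL
    build, which this check does not inspect.
    """
    if ctx.minimum_version > ssl.TLSVersion.SSLv3:
        return False
    return not (ctx.options & ssl.OP_NO_SSLv3)


def harden(ctx: ssl.SSLContext, require_client_cert: bool = True) -> ssl.SSLContext:
    """Apply the post's advice: refuse anything below TLS 1.2 and, as an
    NSI agent does, authenticate the peer. Hypothetical helper."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def legacy_context() -> ssl.SSLContext:
    """Constructed stand-in for a 2014-era 'default context' that still
    allowed SSLv3. Modern Python disables SSLv3 out of the box, so the
    permissive settings are re-enabled here deliberately for the demo."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    # Clear the OP_NO_SSLv3 bit using plain ints to sidestep IntFlag inversion.
    ctx.options = int(ctx.options) & ~int(ssl.OP_NO_SSLv3)
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings an NSI operator would want to eyeball."""
    return {
        "sslv3_allowed": allows_sslv3(ctx),
        "minimum_version": ctx.minimum_version.name,
        "client_auth_required": ctx.verify_mode == ssl.CERT_REQUIRED,
    }


if __name__ == "__main__":
    legacy = legacy_context()
    print("before:", audit(legacy))
    print("after: ", audit(harden(legacy)))
```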