SSL is in the news again with another vulnerability.
What is POODLE and how does it work?
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. The newly announced POODLE attack works by interfering with the protocol negotiation: an attacker can force your connection to downgrade to a legacy protocol, where they can take advantage of known vulnerabilities to decrypt your traffic. More details are available in the upstream OpenSSL advisory.
Recommendation
This newest vulnerability calls into question the future of SSL. SSL was released in 1996 and was superseded in 1999 by TLS 1.0. Web servers now offer SSL connections only as a last resort, to support legacy devices that do not support any of the TLS protocols.
In the face of the POODLE attack, modern browsers are providing instructions on how to remove SSLv3 support from your browser. Firefox will be removing support by default in the newest release, scheduled for Nov 25th.
There are a few ways to mitigate the risk of the POODLE attack. Researchers recommend that you use tools that support TLS_FALLBACK_SCSV (TLS Signalling Cipher Suite Value), which prevents the negotiation from downgrading to SSLv3. It is also highly recommended that you stop using any vulnerable cipher suites (which for SSLv3 is pretty much all of them). Of course, the easiest and surest way to mitigate this newest attack is to remove support for SSLv3 altogether.
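The server-side decision behind both mitigations, as an added example that is not from the original post or from DOSarrest: it parses a ClientHello and applies the TLS_FALLBACK_SCSV rule from RFC 7507 together with a minimum-version cutoff. The function names, default version limits and sample handshakes are constructed for illustration.

```python
TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite value {0x56, 0x00} (RFC 7507)
INAPPROPRIATE_FALLBACK = 86      # alert sent when a signalled downgrade is refused
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303

def u16(n):
    return n.to_bytes(2, "big")

def build_client_hello(version, suites):
    """Constructed sample ClientHello record without extensions (demo input only)."""
    body = u16(version) + bytes(32) + b"\x00"            # version, random, empty session id
    body += u16(2 * len(suites)) + b"".join(u16(s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16" + u16(version) + u16(len(hs)) + hs    # record type 0x16 = handshake

def parse_client_hello(record):
    """Return (client_version, cipher_suites) from a single-record ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:]
    if rec_len != len(record) - 5 or hs_len != len(body) or len(body) < 35:
        raise ValueError("truncated or inconsistent ClientHello")
    version = int.from_bytes(body[0:2], "big")
    pos = 34 + 1 + body[34]                              # skip version, random, session id
    n = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if n == 0 or n % 2 or pos + n > len(body):
        raise ValueError("bad cipher suite list")
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + n, 2)]
    return version, suites

def server_decision(record, server_min=TLS10, server_max=TLS12):
    """Apply both mitigations: no SSLv3 at all, and refuse signalled downgrades."""
    version, suites = parse_client_hello(record)
    if version < server_min:
        return "reject: protocol version below server minimum"
    # Client says this is a fallback retry, yet the server could have gone higher:
    # something on the path interfered with the first, higher-version attempt.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return f"reject: alert {INAPPROPRIATE_FALLBACK} (inappropriate_fallback)"
    return f"accept: negotiate 0x{min(version, server_max):04x}"
```

A client that genuinely tops out at the server's own maximum version still connects when it sends the signalling value; only a retry below what the server supports is refused.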
In light of this newest vulnerability, DOSarrest has disabled support for SSLv3 connections as of today to completely remove this attack vector for our customers. We will continue monitoring the situation and respond accordingly as further events unfold. Customers with applications that only support SSLv3 are encouraged to upgrade to TLS as soon as possible.
Sean Power,
Solutions Engineer