A vulnerability in the design of the SSL 3.0 protocol can be exploited to intercept secure cookies transmitted between clients and servers in a reasonable amount of time, Google announced in a blog post.
Three Google researchers uncovered the “Poodle” (Padding Oracle On Downgraded Legacy Encryption) flaw, which affects a large number of Internet-connected servers that can fall back to the vulnerable SSL v3 protocol.
“SSL 3.0 [RFC6101] is an obsolete and insecure protocol”, they said.
Introduced in 1996, the SSL protocol was designed to secure communications. When a client (browser, application, etc.) contacts a server, they engage in a security “handshake” that creates keys to encrypt and decrypt information sent through the network.
However, despite the widespread implementation of the TLS protocol, legacy constraints (such as when either party supports only SSL 3.0) mean that most Internet servers can be forced to fall back to the next supported protocol versions, including SSL version 3.0.
When the “downgrade dance” is complete, a man-in-the-middle attacker can decrypt secure HTTP cookies after a number of attempts and potentially take control of email, banking and social networking credentials and other private data.
Google says disabling the SSL 3.0 protocol is the surest way to avoid insecure encryption; however, due to interoperability issues, it may not be a practical solution. Instead, it advises TLS clients to add a new fallback value, TLS_FALLBACK_SCSV, which stops attackers from forcing a protocol downgrade.
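The server-side half of that fallback signal, shown as an added Python example (not code from Google or from any TLS library): a server that sees TLS_FALLBACK_SCSV in a ClientHello offering a lower version than it supports itself refuses the handshake. The codepoint 0x5600 and alert number 86 are taken from RFC 7507, which is not cited on this page; the function names are hypothetical and the ClientHello records are constructed samples.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # signalling cipher suite value (RFC 7507)
ALERT_INAPPROPRIATE_FALLBACK = 86  # fatal alert number (RFC 7507)
SSL3, TLS12 = 0x0300, 0x0303       # protocol version codes on the wire

def build_client_hello(version, suites):
    """Build a minimal ClientHello record (constructed sample input)."""
    body = struct.pack("!H", version) + bytes(32)   # client_version + random
    body += b"\x00"                                 # empty session_id
    body += struct.pack("!H", 2 * len(suites))      # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                             # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", SSL3, len(handshake)) + handshake

def parse_client_hello(record):
    """Return (client_version, [cipher suites]) from a ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    try:
        pos = 9                                     # past record + handshake headers
        (version,) = struct.unpack_from("!H", record, pos)
        pos += 2 + 32                               # client_version + random
        pos += 1 + record[pos]                      # session_id
        (n,) = struct.unpack_from("!H", record, pos)
        if n % 2:
            raise ValueError("odd cipher_suites length")
        suites = [struct.unpack_from("!H", record, pos + 2 + i)[0]
                  for i in range(0, n, 2)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return version, suites

def server_decision(record, server_max=TLS12):
    """Refuse a fallback retry when the server could have negotiated higher."""
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("continue", min(version, server_max))

# Constructed samples: first attempt, forced-downgrade retry, SSL 3.0-only client
NORMAL = build_client_hello(TLS12, [0xC02F, 0x009C])
DOWNGRADED = build_client_hello(SSL3, [0x0035, TLS_FALLBACK_SCSV])
LEGACY = build_client_hello(SSL3, [0x0035])

if __name__ == "__main__":
    for name, rec in (("normal", NORMAL), ("downgraded", DOWNGRADED), ("legacy", LEGACY)):
        print(name, server_decision(rec))
```

The `LEGACY` case still negotiates SSL 3.0 because a client that never sends the signal cannot be told apart from a genuine SSL 3.0-only peer, which is why disabling SSL 3.0 remains the surest fix.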
Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, says:
“The introduction of TLS v1.2 has dramatically improved the security of encrypted communication between client and server. There is this legacy issue though that can leverage bugs in older protocols used for fallback in case either of the parties don’t understand “better encryption”. It’s a typical case of the past coming back to haunt you, so the best defense right now is to completely terminate SSL if both parties can do TLS.”
Additionally, Google announced it will release a Chrome update to disable SSL 3.0 fallback and will remove SSL 3.0 support completely from all its products in the coming months.
In view of Google’s findings, Mozilla shared plans to turn off SSL 3.0 in Firefox. Microsoft and Amazon also issued an advisory suggesting that customers disable SSL 3.0, where possible.