SSL/TLS - The POODLE attack and the End of SSLv3 + OpenSSL Security Advisory

This information is only available in English. If you need support concerning the following vulnerabilities, please contact iWeb Technical Support: http://iweb.com/contact

This article describes some known issues with SSL/TLS and OpenSSL, and also discusses the POODLE attack vulnerability.

What are SSL (Secure Sockets Layer) and TLS (Transport Layer Security)?

SSL and its successor TLS are cryptographic protocols that provide secure communications over computer networks.

There are 5 protocols in the SSL/TLS family:
- SSLv2: prohibited from use by the Internet Engineering Task (rfc6176)
- SSLv3: deprecated - not sufficiently secure (rfc7568)
- TLS1.0: considered insecure (vulnerable to the BEAST attack). Shouldn't be used. No longer acceptable for PCI Compliance (June 2018).
- TLS1.1: does not have known security issues, but does not provide modern cipher-suites (rfc5246#section-1.2)
- TLS1.2: does not have known security issues, and offers modern authenticated encryption (AEAD-based). Should be the main protocol used today.

As of January 2018, work is under way to design TLS1.3. (https://tools.ietf.org/html/draft-ietf-tls-tls13-23)


What is a Cypher Suite?

A cipher suite is a set of cryptographic algorithms used during SSL or TLS sessions to secure network connections between the client and the server.

The set of algorithms that cipher suites usually contain include: a key exchange algorithm, a bulk encryption algorithm, and a Message Authentication Code (MAC) algorithm.

Some ciphers must be avoided:
- RC4: see CVE-2015-2808. Prohibited from use by the Internet Engineering Task (rfc7465)

- 64-bit block ciphers when used in CBC mode:
DES CBC: see CVE-2016-2183. Removed from TLS 1.2 (rfc5246)
IDEA CBC: considered insecure. Removed from TLS 1.2 (rfc5246)
3DES EDE CBC: see CVE-2016-2183.
RC2 CBC: considered insecure. see CVE-2016-2183.

- DH (Diffie–Hellman key exchange smaller than 1024-bit): see CVE-2015-4000
- Export cipher suites: see CVE-2015-0204
- NULL cipher suites since they provide no encryption.


What is OpenSSL?

OpenSSL is a software library toolkit licensed under an Apache-style license for implementation of the SSL and TLS protocols.
The OpenSSL Community releases patches to fix identified vulnerabilities.
i.e CVE-2014-3513 [High severity]: https://www.openssl.org/news/secadv_20141015.txt
OpenSSL security advisory are available at the following links: https://www.openssl.org/news/vulnerabilities.html


POODLE attack vulnerability

The POODLE attack (which stands for "Padding Oracle On Downgraded Legacy Encryption", CVE-2014-3566) is a man-in-the-middle (MITM) exploit which allows a hacker to decrypt select content within the SSL session.

Variations of the POODLE vulnerability affects TLS because an active MITM attacker can force browsers to downgrade their connections down to SSLv3, which can then be exploited.


Is my Server Vulnerable to POODLE?

Here is an online tool to test your website for various SSL vulnerabilities, including POODLE:

https://www.ssllabs.com/ssltest/

If your website is vulnerable, the online report will provide you with a report listing your website's SSL vulnerabilities:

 

1.txt


Alternatively, you can test the web service running on your server by using the following command as root:
# nmap -Pn --script ssl-poodle -p 443 <Your-server-IP>

Output sample:

PORT STATE SERVICE
443/tcp open https
| ssl-poodle:
| VULNERABLE:
| SSL POODLE information leak
| State: VULNERABLE
| IDs: CVE:CVE-2014-3566 OSVDB:113251
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
| other products, uses nondeterministic CBC padding, which makes it easier
| for man-in-the-middle attackers to obtain cleartext data via a
| padding-oracle attack, aka the "POODLE" issue.
| Disclosure date: 2014-10-14
| Check results:
| TLS_RSA_WITH_AES_128_CBC_SHA

You can also list all the cipher suites supported by your server's web service by using the following command as root:
#  nmap -Pn --script ssl-enum-ciphers -p 443 <Your-server-IP>

 

Resolution

To proect your server against POODLE, SSLv3 must be disabled, and the cipher suites used by your various services (e.g. web, email, etc.) must be configured properly.

Additional testing to verify the security of the OpenSSL version used on your server must be performed.

Securing your server against SSL vulnerabilities might result in compatibility issues with older software. For example, after updating and securing your server, visitors to your website using older versions of Internet Explorer may not be able to view your website. Take the time to evaluate potential impacts to your infrastructure before applying changes.

Some popular ways of doing this are:

1) Having a second environment (i.e. staging environment) that is identical to your production environment where you can safely test changes first

2) Planning maintenance windows where you can apply changes to your live production environment and roll them back if an issue occurs

The following articles provides technical details for common products:

WHM/cPanel:
https://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

Plesk:
https://support.plesk.com/hc/en-us/articles/213413909-Disable-weak-SSL-TLS-ciphers-for-PCI-Complaince
https://support.plesk.com/hc/en-us/articles/115000422229-How-to-enable-disable-particular-TLS-version-in-Plesk-on-Linux-
https://support.plesk.com/hc/en-us/articles/115002736754-How-to-disable-TLS-1-0-support-for-POP3-and-IMAP

Microsoft Windows Server:
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
ADFS: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

VMware:
https://kb.vmware.com/s/article/2147469

More products:
http://disablessl3.com/


External references:

https://www.openssl.org/~bodo/ssl-poodle.pdf
https://www.us-cert.gov/ncas/alerts/TA14-290A
https://www.gracefulsecurity.com/tls-ssl-vulnerabilities/
https://blog.cloudflare.com/padding-oracles-and-the-decline-of-cbc-mode-ciphersuites/
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices  (https://www.ssllabs.com/projects/best-practices/)
https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls
https://msdn.microsoft.com/en-gb/library/windows/desktop/aa374757(v=vs.85).aspx
https://blogs.vmware.com/security/2014/10/cve-2014-3566-aka-poodle.html
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk