Taking Away the Opportunity for POODLE (CVE-2014-3566) to Bite
OpenSSL put out a notification last week regarding a vulnerability in SSL 3.0 — an obsolete and insecure protocol that in many cases has been replaced by TLS 1.0, TLS 1.1, and TLS 1.2. However, many TLS or secure socket implementations remain backwards compatible with SSL 3.0 in order to interoperate with legacy systems.
Some client applications (such as browsers) will reconnect using a downgraded protocol version to work around interoperability bugs in older servers. Attackers can exploit this downgrade behaviour and then break the cryptographic security of SSL 3.0.
Known as POODLE (Padding Oracle On Downgraded Legacy Encryption), the attack takes advantage of the protocol version negotiation built into SSL/TLS to force the use of SSL 3.0, and then leverages the padding-oracle weakness in SSL 3.0 to decrypt selected content within the SSL session.
Our initial analyses showed us that less than 0.05% of all our current traffic uses SSLv3. Given that knowledge, we immediately decided to proactively disable SSL 3.0 in order to protect all users on our network.
We subsequently updated our entire network to OpenSSL v1.0.1j, which includes the mitigation for POODLE. This release adds support for TLS_FALLBACK_SCSV, a signalling cipher suite value that a client includes when it retries a connection at a lower protocol version; a server that supports it rejects such a retry with an error whenever it could have negotiated a higher version, so any protocol downgrade, whether through known or future means, results in an error rather than a weakened session. Browser vendors are currently developing and releasing support for this feature, and once it ships it will provide protection for all EC customers.
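The two server-side controls described above, refusing SSL 3.0 outright and honouring TLS_FALLBACK_SCSV on a downgraded retry, as an added Python example; this is not code from this post or from OpenSSL. The 0x5600 value and the inappropriate_fallback rule follow RFC 7507, and the minimal ClientHello the code parses is constructed inline.

```python
import struct

# RFC 7507 signalling cipher suite value, as added in OpenSSL 1.0.1j.
TLS_FALLBACK_SCSV = 0x5600
SSL3_VERSION = (3, 0)   # SSL 3.0 on the wire is {3, 0}; TLS 1.2 is {3, 3}


def build_client_hello(client_version, suites):
    """Construct a minimal ClientHello record (constructed sample input:
    zero random, empty session id, null compression, no extensions)."""
    hello = bytes(client_version) + b"\x00" * 32 + b"\x00"
    hello += struct.pack("!H", 2 * len(suites))
    hello += b"".join(struct.pack("!H", s) for s in suites)
    hello += b"\x01\x00"                                      # compression: null only
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello    # type 1 = ClientHello
    return struct.pack("!BBBH", 22, *client_version, len(body)) + body  # 22 = handshake


def parse_client_hello(record):
    """Return (client_version, cipher_suites) from a raw handshake record."""
    ctype, _, _, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or body[0] != 1:
        raise ValueError("not a ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    client_version = (hello[0], hello[1])
    pos = 2 + 32                       # skip client_version and random
    pos += 1 + hello[pos]              # skip session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return client_version, suites


def server_decision(record, server_max=(3, 3), ssl3_enabled=False):
    """Apply the SSL 3.0 policy first, then the RFC 7507 rule: reject with
    inappropriate_fallback when the SCSV is present and the server could have
    negotiated a higher version than the client offered."""
    version, suites = parse_client_hello(record)
    if version <= SSL3_VERSION and not ssl3_enabled:
        return "reject:protocol_version"
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return "reject:inappropriate_fallback"
    return "accept:%d.%d" % min(version, server_max)
```

Note that the SCSV check fires even on a server that still has SSL 3.0 enabled, which is why it protects clients during the period before SSL 3.0 is removed everywhere.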
OpenSSL v1.0.1j also fixes three other security vulnerabilities: an SRTP memory leak (CVE-2014-3513), a session ticket memory leak (CVE-2014-3567), and an incomplete build option for no-ssl3 (CVE-2014-3568).