lolloj - Fotolia
Three of the largest Web browser vendors in the world have confirmed plans to disable support for SSL 3.0 in the coming months. The move against the outdated encryption protocol comes just weeks after the POODLE attack showed that major Web browsers still supported SSL 3.0 in some form, though one expert said that most enterprises should be safe from POODLE regardless.
Earlier this month, Google security team members Bodo Möller, Thai Duong and Krzysztof Kotowicz released a research paper detailing the POODLE (Padding Oracle On Downgraded Legacy Encryption) SSL vulnerability.
POODLE essentially exists because Web browsers like Firefox and Chrome maintained support for the 15-year-old version of 3.0 SSL in cases where users couldn't connect to servers using more modern protocols. SSL 3.0's reliance on the broken RC4 encryption cipher means that an attacker, if situated between a client and server, could break encrypted communications and reveal the contents of HTTPS cookies.
Vendor fixes coming
The chances of an attacker successfully exploiting POODLE are about to decline dramatically though, as Microsoft, Google and Mozilla are all moving to eliminate support for SSL 3.0 entirely in their respective Web browsers.
In a blog post Wednesday, Microsoft director of response communications Tracey Pretorius said in the coming months, the company will be disabling the SSL 3.0 fallback mechanism in Internet Explorer and disabling SSL 3.0 by default, both in its Web browser and across all of its online services. Pretorius also said that Microsoft had revised Security Advisory 3009008 to provide concerned IE users with a "Fix it" option that will disable SSL 3.0 in all supported versions of the Web browser.
"Millions of people and thousands of organizations around the world rely on our products and services every day, and while the number of systems that rely on SSL 3.0 exclusively is very small, we recognize that, particularly for enterprises, disabling the protocol may cause some impact," said Pretorius in the blog post. "That’s why we're taking a planned approach to this issue and providing customers with advance notice."
Google security engineer Adam Langley also said in a Thursday blog post that the Web giant plans to disable the SSL 3.0 fallback mechanism in the upcoming version 39 of its Chrome browser, and to kill off support entirely in version 40. The move should come as no surprise, as Google's Möller had previously stated the company hoped to remove SSL 3.0 support in short order, though Google had already implemented the TLS_FALLBACK_SCSV protocol downgrade fix in Chrome earlier this year.
And for server administrators concerned that Web visitors won't be able to connect, Langley had a clear message.
"SSLv3-fallback is only needed to support buggy HTTPS servers. Servers that correctly support only SSLv3 will continue to work (for now) but some buggy servers may stop working," Langley wrote in the blog post. "The answer in these cases is to fix the server -- TLS 1.0 is nearly 15 years old at this point."
Though official plans were only delivered by Microsoft and Google this week, Mozilla security engineer Richard Barnes confirmed in a blog post shortly after POODLE was publicized that the vendor would be disabling SSL 3.0 by default in the upcoming version 34 of its Firefox browser, set for release on Nov. 25, and that version 35 would support TLS_FALLBACK_SCSV.
At the time, Barnes cited research from Mozilla and the University of Michigan, which showed only around 0.42% of the top one million Web domains according to Alexa still had some reliance on SSL 3.0, and that 0.3% of Firefox HTTPS connections fell back to the outdated protocol. The decision to slowly roll out mitigations, wrote Barnes, was "intended to allow website operators some time to upgrade any servers that still rely on SSLv3."
Is POODLE an enterprise problem?
Between Microsoft, Mozilla and Google, nearly 95% of desktop-based browsers should be safe from POODLE, according to recent statistics from W3Schools.
From an enterprise security perspective, Kellman Meghu, head of Americas Security Architects for Check Point Software Ltd., said that most organizations should have been devoid of SSL 3.0 in their environments anyway. Where some enterprises may run into trouble, he noted, is legacy applications that were written with the SSL 3.0 toolkit and have since been abandoned by developers.
In those cases, Meghu advised enterprise security teams to complete a thorough audit of all systems that may be vulnerable and pay particular attention to possible SSL-based apps to ensure they can't fall back to version 3.0, especially as there won't be a "hard and fast rule" of which systems may support the old encryption protocol. If an application does support SSL 3.0, Meghu said the fix should be as simple as disabling the fallback mechanism at the heart of POODLE.
In reality, Meghu said that the BEAST SSL attack – which was previously researched by Google's Duong – may actually have been the more worrisome of the two SSL-based threats, though the attention POODLE drew to the continued support of SSL 3.0 should be viewed as a positive for the security industry.
"Worst case scenario, this inspired everyone to run out and make sure they patched and updated and maybe caused an extra audit to happen," said Meghu. "That's not a bad thing. We should always be doing things like that. But truthfully, if an organization has a program for patching and keeping things updated, POODLE shouldn't be a stressful thing for them."
The OpenSSL Project, gatekeepers of the popular open-source encryption software, also recently patched against POODLE.
Resident expert Michael Cobb explains how different Web browsers handle the SSL certificate revocation process.