[Cryptography] DROWN attack on SSLv2 enabled servers

Ray Dillinger bear at sonic.net
Tue Mar 1 11:36:56 EST 2016



On 03/01/2016 07:07 AM, Perry E. Metzger wrote:
> TL;DR: if you have a TLS/SSL enabled service running on your
> machines that willingly speaks SSLv2, you need to upgrade your systems
> immediately, preferably by updating your SSL implementation but
> at the very least permanently turning off SSLv2. This is because
> SSLv2 can be used in an oracle attack to decrypt sessions that used
> more secure versions of the TLS/SSL protocol.
> 
> https://drownattack.com/
> 
> Paper is at https://www.drownattack.com/drown-attack-paper.pdf
> 


And this - though I didn't know exactly what shape it would take
at the time - is why I patched all those god damned export ciphers
with "assert(false)" statements and recompiled after the protocol
downgrade attacks of last year, and advised everyone I know to do
the same.  Yes, I will take the DoS of having my server just
plain crash if someone gets to them.  That's better than having
data stolen.

Good gods, how much has that idiotic requirement cost the USA by
this time?  And the rest of the world, for that matter?  How much
more damage will it do before it is killed absolutely dead with
a mouth full of garlic cloves in its decapitated head and a
stake through its heart?

I didn't absolutely *KNOW* that someone would find a way to get
to them, but it was complicated enough that I couldn't be sure
they wouldn't.  Hence, "assert(false)."

I HATE being right about crap like this.  It's hard to get over
paranoia when it keeps being right.


				Bear
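The quoted TL;DR says the fix is to stop speaking SSLv2; the obvious follow-up for an operator is to verify that the fix actually took on every listener. The script below is an added example, not part of this thread or of the DROWN project's tooling: it builds an SSLv2 CLIENT-HELLO from the record layout in the SSLv2 draft specification, parses whatever the server sends back, and reports whether a SERVER-HELLO came back and which of the advertised cipher specs are the 40-bit export variants. The cipher-spec codes are the ones from the SSLv2 specification; the sample SERVER-HELLO used for the offline check is constructed here (including a placeholder in place of a DER certificate), and `probe()` is a hypothetical helper for checking your own servers.

```python
import socket
import struct

# SSLv2 cipher-spec codes (3 bytes each) from the SSLv2 draft specification.
# The 40-bit "EXPORT" variants are the ones that make the DROWN oracle cheap.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL2_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL2_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL2_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL2_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL2_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL2_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL2_DES_192_EDE3_CBC_WITH_MD5",
}


def build_client_hello(cipher_specs=tuple(SSLV2_CIPHERS), challenge=b"\x00" * 16):
    """Build an SSLv2 CLIENT-HELLO offering the given 3-byte cipher specs."""
    body = b"\x01\x00\x02"  # msg type 1 = CLIENT-HELLO, version 0x0002
    specs = b"".join(cipher_specs)
    # cipher_spec_length, session_id_length (0), challenge_length
    body += struct.pack("!HHH", len(specs), 0, len(challenge))
    body += specs + challenge
    # 2-byte record header: high bit set means "no padding, 15-bit length"
    return struct.pack("!H", 0x8000 | len(body)) + body


def parse_server_response(data):
    """Classify the first bytes a server returns after an SSLv2 CLIENT-HELLO."""
    # A modern server answers with a TLS alert record (0x15, version 0x03xx).
    if len(data) >= 3 and data[0] == 0x15 and data[1] == 0x03:
        return {"sslv2": False, "reason": "TLS alert record"}
    if len(data) < 3 or not data[0] & 0x80:
        return {"sslv2": False, "reason": "not an SSLv2 record"}
    length = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + length]
    # SERVER-HELLO: type(1) session_id_hit(1) cert_type(1) version(2)
    #               cert_len(2) cipher_specs_len(2) connection_id_len(2) ...
    if len(body) < 11 or body[0] != 0x04:
        return {"sslv2": False, "reason": "no SSLv2 SERVER-HELLO"}
    cert_type, version, cert_len, specs_len, conn_len = struct.unpack(
        "!BHHHH", body[2:11])
    start = 11 + cert_len
    specs = body[start:start + specs_len]
    names = [SSLV2_CIPHERS.get(specs[i:i + 3], specs[i:i + 3].hex())
             for i in range(0, len(specs) - len(specs) % 3, 3)]
    return {
        "sslv2": True,
        "version": version,
        "ciphers": names,
        "export_ciphers": [n for n in names if "EXPORT" in n],
    }


def build_sample_server_hello():
    """Constructed SERVER-HELLO for offline testing: accepts SSLv2 and advertises
    one 128-bit RC4 spec, one 40-bit export spec and one 3DES spec."""
    cert = b"CONSTRUCTED-CERT"  # placeholder standing in for a DER certificate
    specs = b"\x01\x00\x80" b"\x02\x00\x80" b"\x07\x00\xc0"
    conn_id = b"\x11" * 16
    body = bytes([0x04, 0x00, 0x01])  # SERVER-HELLO, no session hit, X.509 cert
    body += struct.pack("!HHHH", 0x0002, len(cert), len(specs), len(conn_id))
    body += cert + specs + conn_id
    return struct.pack("!H", 0x8000 | len(body)) + body


def probe(host, port=443, timeout=5.0):
    """Hypothetical self-check for a server you operate: send one SSLv2
    CLIENT-HELLO and classify the reply. Not run by the offline test."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return parse_server_response(sock.recv(4096))


if __name__ == "__main__":
    # Offline demonstration against the constructed SERVER-HELLO.
    print(parse_server_response(build_sample_server_hello()))
    print(parse_server_response(b"\x15\x03\x01\x00\x02\x02\x46"))
```

A listener that is properly patched never gets as far as a SERVER-HELLO: the reply is a TLS alert or a closed connection, and the parser reports `sslv2: False`. Any result with `sslv2: True` means the service still completes SSLv2 handshakes and is in scope for the attack described in the paper, whatever its TLS configuration says; a non-empty `export_ciphers` list is the worst case.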
