<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<a class="moz-txt-link-freetext" href="https://www.openssl.org/~bodo/ssl-poodle.pdf">https://www.openssl.org/~bodo/ssl-poodle.pdf</a><br>
<div class="page" title="Page 1">
<div class="section" style="background-color: rgb(100.000000%,
100.000000%, 100.000000%)">
<div class="layoutArea">
<div class="column">
<p><span style="font-size: 11.000000pt; font-family:
'ArialMT'">SSL 3.0 [RFC6101] is an obsolete and insecure
protocol. While for most practical
purposes it has been replaced by its successors TLS 1.0
[RFC2246], TLS 1.1 [RFC4346],
and TLS 1.2 [RFC5246], many TLS implementations remain
backwards-compatible with
SSL 3.0 to interoperate with legacy systems in the
interest of a smooth user experience.
The protocol handshake provides for authenticated
version negotiation, so normally the
latest protocol version common to the client and the
server will be used.
</span></p>
<p><span style="font-size: 11.000000pt; font-family:
'ArialMT'">However, even if a client and server both
support a version of TLS, the security level
offered by SSL 3.0 is still relevant since many clients
implement a protocol downgrade
dance to work around server-side interoperability bugs.
In this Security Advisory, we
discuss how attackers can exploit the downgrade dance
and break the cryptographic
security of SSL 3.0. Our POODLE attack (Padding Oracle
On Downgraded Legacy
Encryption) will allow them, for example, to steal
“secure” HTTP cookies (or other bearer
tokens such as HTTP Authorization header contents).
</span></p>
<p><span style="font-size: 11.000000pt; font-family:
'ArialMT'">We then give recommendations for both clients
and servers on how to counter the attack:
if disabling SSL 3.0 entirely is not acceptable out of
interoperability concerns, TLS
implementations should make use of TLS_FALLBACK_SCSV.
</span></p>
<p><span style="font-size: 11.000000pt; font-family:
'ArialMT'; color: rgb(6.670000%, 33.330000%,
80.000000%)">CVE-2014-3566 </span><span
style="font-size: 11.000000pt; font-family: 'ArialMT'">has
been allocated for this protocol vulnerability.
</span></p>
</div>
</div>
</div>
</div>
<br>
<a class="moz-txt-link-freetext" href="http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html">http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html</a><br>
<br>
<br>
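<p>The server-side half of the TLS_FALLBACK_SCSV recommendation, as an added example that is not part of the quoted advisory or of any TLS library's code: it parses a ClientHello body and refuses a downgraded retry when the server could have negotiated a newer version. The value 0x5600 and alert 86 are taken from RFC 7507; the function names, default version limits and sample ClientHello bytes are constructed for illustration.</p>
<pre>
```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # signalling cipher suite value (RFC 7507)
ALERT_PROTOCOL_VERSION = 70        # TLS alert: offered version not supported
ALERT_INAPPROPRIATE_FALLBACK = 86  # TLS alert defined by RFC 7507
SSL3, TLS10, TLS12 = (3, 0), (3, 1), (3, 3)  # wire (major, minor) pairs


def parse_client_hello(body):
    """Return (client_version, cipher_suites) from a ClientHello body,
    i.e. the bytes that follow the 4-byte handshake header."""
    try:
        version = (body[0], body[1])
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + body[pos]              # skip session_id
        (cs_len,) = struct.unpack_from("!H", body, pos)
        if cs_len % 2 or pos + 2 + cs_len > len(body):
            raise ValueError("bad cipher_suites length")
        suites = struct.unpack_from("!%dH" % (cs_len // 2), body, pos + 2)
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return version, list(suites)


def server_decision(body, server_min=TLS10, server_max=TLS12):
    """Decide how a server that checks TLS_FALLBACK_SCSV answers a hello."""
    version, suites = parse_client_hello(body)
    # SCSV means "this is a downgraded retry". If the server could have
    # spoken something newer, the downgrade was not needed: refuse it.
    if TLS_FALLBACK_SCSV in suites and server_max > version:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    if server_min > version:              # e.g. SSL 3.0 disabled outright
        return ("alert", ALERT_PROTOCOL_VERSION)
    return ("negotiate", min(version, server_max))


def build_client_hello(version, suites):
    """Constructed sample input: minimal ClientHello body, no extensions."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    return (bytes(version) + bytes(32) + b"\x00"      # version, random, sid
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")  # null compression


if __name__ == "__main__":
    cbc = [0x002F, 0x0035]                # two AES-CBC-SHA suites
    for label, hello in [
        ("first attempt, TLS 1.2", build_client_hello(TLS12, cbc)),
        ("retry at SSL 3.0 + SCSV", build_client_hello(SSL3, cbc + [TLS_FALLBACK_SCSV])),
        ("legacy SSL 3.0 client", build_client_hello(SSL3, cbc)),
    ]:
        print(label, "->", server_decision(hello, server_min=SSL3))
```
</pre>
<p>With SSL 3.0 still enabled on the server (server_min=SSL3), the retry carrying the SCSV is rejected while a genuine SSL 3.0-only client that never sends it still connects, which is the interoperability case the advisory has in mind.</p>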
</body>
</html>