Select Page

No POODLE

POODLE?

Padding Oracle On Downgraded Legacy Encryption, an issue with the mechanism used in version 3 of the SSL technology, allows a party capable of intercepting secure communications between devices, to eventually gather enough information to decrypt the traffic.

Unlike Heartbleed, this is not a bug in code, but a failure in the way the process has been implemented, -SSLv3 is now obsolete.

 SSLv3

SSLv3 is an older mechanism, so modern clients and servers will normally be able to use newer technologies to negotiate secure connections.

Check a server

On a Mac or Linux box, use the local openssl tool to set up an SSLv3 connection to the server you want to test.

This is the sort of thing you will see if the server is vulnerable to POODLE.

$ openssl s_client -ssl3 -connect <i.use.sslv3>:443
CONNECTED(00000003)
...
---
SSL handshake has read 5766 bytes and written 308 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 080A7C3988B169AF89E779D66BD9A09F664F9CAE5942E1FF05CFF1CFD3BA997C
    Session-ID-ctx:
    Master-Key: 19C609228F39DE30EDA3BD2BF177352BE72F6857A368FA2BC133D484BD0D154921693D4AA8C408B993AFD40DD00483FE
    Key-Arg   : None
    Start Time: 1413526299
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

and this is what you will see, if the server refuses to negotiate an SSLv3 connection

$ openssl s_client -ssl3 -connect <no.sslv3.here>:443
CONNECTED(00000003)
756:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52/src/ssl/s3_pkt.c:1125:SSL alert number 40
756:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52/src/ssl/s3_pkt.c:546:

The fix

This affects client and server, and both sides can protect themselves against this. On the client side, you simply need to refuse to attempts to negotiate an SSLv3 connection (or other older encryption technologies). On the server side, disable SSLv3.

ITS and Science IS are working through the servers we look after, and web client providers are supplying updates to current versions of their software.

 

Skip to toolbar