Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Finds Vulnerability In SSL 3.0 Web Encryption

Posted by Soulskill on from the another-day-another-vuln dept.

AlbanX sends word that security researchers from Google have published details on a vulnerability in SSL 3.0 that can allow an attacker to calculate the plaintext of encrypted communications. Google's Bodo Moller writes, SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response (PDF) is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

68 comments

  1. Chrome Dumbed Down by brunes69 · · Score: 4, Interesting

    Too bad Google removed the options to enable or disable SSL versions from Chrome some time ago, in an effort to further dumb down the browser. The options used to be under "advanced, but they aren't anymore. Not even available under about:flags.

    1. Re:Chrome Dumbed Down by complete+loony · · Score: 1, Interesting

      Tick this box to break the internet? Those kinds of options just cause user frustration. Security should not be optional.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    2. Re:Chrome Dumbed Down by Anonymous Coward · · Score: 2, Insightful

      I'm confused, are you advocating security or compatibility.

    3. Re:Chrome Dumbed Down by yuhong · · Score: 0

      To be honest, I remember the Slashdot article that incorrectly suggested that SSL 2.0 and TLS 1.0 was affected by BEAST.

    4. Re:Chrome Dumbed Down by complete+loony · · Score: 0

      Giving the user a browser option that will break compatibility with some web sites, adds more bug / support effort to work out what the user actually did. For most users, giving them an option like this is only going to cause you trouble later.

      If you have too many configuration options, nobody will test every permutation to check that they actually work. Since we're talking about web browsers, most of that testing burden would fall on web site developers.

      Having an option for a security setting may allow you to quickly inform users on how to mitigate a security issue. But that only works if all of your users track vulnerability news and have the capability to follow those instructions. Not true of most users of web browsers.

      So IMHO, the best approach in this case is to make sure your software is secure out of the box. With no nobs that a user can toggle to break anything. Using software update channels to push security fixes when necessary.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    5. Re:Chrome Dumbed Down by Famak1994 · · Score: 1

      In the early days of Chrome I was a die hard fan due to simplicity and security over aesthetics...

      Not so much anymore.

      Which begs the question, why do they even bother to find these bugs?

      I mean the last straw for me was making the scrollbar microscopic. Did they ever stop to think that i'd rather use a scrollbar to jump back and forth on a page rather than my swiping my fingers?

    6. Re:Chrome Dumbed Down by XXeR · · Score: 3, Informative

      Too bad Google removed the options to enable or disable SSL versions from Chrome some time ago, in an effort to further dumb down the browser. The options used to be under "advanced, but they aren't anymore. Not even available under about:flags.

      Add --ssl-version-min=tls1 as a command line flag. Check here for the way to do that, depending on your OS:

      http://www.chromium.org/for-te...

    7. Re:Chrome Dumbed Down by Anonymous Coward · · Score: 2, Insightful

      But the point is that "making your software secure out of the box" would mean making it fail to work with lots of existing websites. So are you suggesting, instead of giving the user a button to "break the web", just to permanently "break" it for them?

      Most users don't tend to appreciate that sort of thing, which is basically the entire problem of web security in a nutshell.

    8. Re:Chrome Dumbed Down by complete+loony · · Score: 1, Insightful

      In this case, the new browser software version will break any server that only supports SSL3.0. When practically every user fails to connect to your server, including your own people, you know you have a problem to fix. Creating some work for web site owners in the interest of their own security.

      I'm saying that if you gave the users the option of breaking some of the web, some small percentage of users would do it without understanding the consequences. This creates a situation that is much harder to deal with. If users report the problem to web site owners, or browser vendors, tracing the source of the problem is more difficult.

      This is the same reason that Firefox no longer has a prominent option to disable Javascript. Users would disable it, then complain that web sites don't work without telling anyone that they had changed anything. The cost of supporting that option was too high.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    9. Re:Chrome Dumbed Down by The+Ickle+Jones · · Score: 2

      Yeah, get rid of every feature so the willfully ignorant don't misuse them. Then you're left with garbage.

    10. Re:Chrome Dumbed Down by Teresita · · Score: 1

      What drives me nuts is the low contrast in the scrollbar, I can barely see where the "elevator" is so I can grab it. Damn kids these days...

    11. Re:Chrome Dumbed Down by Velox_SwiftFox · · Score: 1

      My company just banned Chrome anyway, because in the Nov. 7 version it will be reporting that there are errors with the 85% of HTTPS sites that don't use SHA-256 certificates.

    12. Re:Chrome Dumbed Down by brunes69 · · Score: 4, Insightful

      In this case, Security is indeed not optional, since you have no option to have it whatsoever - you are handing all your security over to Chrome and the website operator's good intentions.

    13. Re:Chrome Dumbed Down by Fwipp · · Score: 4, Funny

      But you don't even use a mouse!

    14. Re:Chrome Dumbed Down by jader3rd · · Score: 1

      When practically every user fails to connect to your server, including your own people, you know you have a problem to fix. Creating some work for web site owners in the interest of their own security.

      In the real world, when a user updates his browser, and then can't access websites that he could access yesterday, he doesn't plow on a head, knowing that he's forcing some admin to make updates to their webserver, he rolls back the update, and then probably picks a new browser.

    15. Re:Chrome Dumbed Down by Anonymous Coward · · Score: 0

      What drives me nuts is the low contrast in the scrollbar, I can barely see where the "elevator" is so I can grab it. Damn kids these days...

      I reluctanctly use both Chromium and Several Firefox builds at home because either browser is increasingly annoying.
      I recomend ReScroller for Chrome: http://www.bing.com/search?q=rescroller

      I paint my bars navy blue after making them wide enough. It is a shame (and the cause of the problem) that the GUI guidelines change with every release of Windows.
      While you're at it, install
      http://sourceforge.net/projects/footab/ to emulate dont-load-until-tab-focus and Scriptsafe (Noscript). May need to enable "Allow in Incognito"

    16. Re:Chrome Dumbed Down by SeaFox · · Score: 2

      Tick this box to break the internet? Those kinds of options just cause user frustration. Security should not be optional.

      How about those users not mess around with checkboxes if they don't know what they're doing to start with, leaving them for those people who do.
      That's the whole point of segregating settings into "basic" and "advanced" sections.

      This pandering-to-the-morons thing is starting to put all of us at risk.

    17. Re:Chrome Dumbed Down by KingMotley · · Score: 1

      Yes. Because it will work on 90% of the websites the user uses, he will likely understand it's not his browser problem, it is a problem with the website in question. The browser should not indicate a secure connection to the website if the browser knows that the connection is in fact not secure. Seems pretty self evident.

  2. Fuck It by sexconker · · Score: 3, Informative

    I have a million other things to deal with.
    I'll just run my shit against https://www.ssllabs.com/ssltes... in a month and do what it tells me to.

  3. How legacy is legacy? by Vellmont · · Score: 3, Interesting

    The last major browser that doesn't support TLS 1 was IE6. Even Microsoft doesn't support that piece of crap anymore. I'm sure there's some special cases of embedded systems out there that rely on SSL3 only, but that's a small minority.

    So the question to me is, what would break if you disabled SSL3? Breaking the web for IE6 users happened a long, long time ago.

    --
    AccountKiller
    1. Re:How legacy is legacy? by yuhong · · Score: 2

      If you absolutely have to use IE6, go to Internet Options's Advanced tab and check TLS 1.0 and while you are at it uncheck SSL 2.0. But of course the preferred solution is to upgrade and while you are it please also update to XP SP3 if you hasn't already. There is no WGA check in WinXP service pack in general, despite such misconceptions.

    2. Re:How legacy is legacy? by MachineShedFred · · Score: 2

      Wait... I can't use Netscape Communicator anymore?

      FOR SHAME.

      --
      Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
    3. Re:How legacy is legacy? by stoborrobots · · Score: 1

      According to the summary, this isn't about browsers, it's about servers - the browsers choose to fall back to SSL3 to cope with broken servers.

      If we stop supporting SSL3, then the browsers won't be able to speak to those old broken servers...

      --
      "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
    4. Re:How legacy is legacy? by WaffleMonster · · Score: 2

      According to the summary, this isn't about browsers, it's about servers - the browsers choose to fall back to SSL3 to cope with broken servers.

      Intentionally bypassing downgrade attack protection built into SSL to "cope" with broken servers is 100000% a browser defect. There is no possible excuse for this nonsense in 2014.

    5. Re:How legacy is legacy? by WaffleMonster · · Score: 2

      The last major browser that doesn't support TLS 1 was IE6. Even Microsoft doesn't support that piece of crap anymore.

      I'm scared now... tested using old w2k image IE version 6.0.2800.1106 - TLSv1 amazingly works just fine with IE6 using RC4-SHA cipher, forcing AES was no-go.

      When compatibility issues are raised always insist people name names too much of this space is ruled by legend passed down throughout the ages and unhealthy doses of hearsay.

      Everyone saying "there are servers" or "there are clients" please name names and versions.

    6. Re:How legacy is legacy? by Vellmont · · Score: 1

      I think you missed my point. The point was about the implications of removing SSL3 from the server side. Many times you can't just simply change something on a webserver to fix one browser without breaking another.

      In this case, the effects seem to be minimal, and would only break IE6. That's not a problem in 2014, but would have been a major problem if this was discovered in 2007.

      --
      AccountKiller
    7. Re:How legacy is legacy? by Vellmont · · Score: 1

      Yes, it's possible for IE6 to use TLS 1.0. But it's not enabled by default. Since it's not on by default, it'll essentially be broken when users visit a site with SSL 3 disabled.

      I don't have an old IE6 machine to check myself, but I've found several references that say it's not on.

      https://news.ycombinator.com/i...

      --
      AccountKiller
  4. Don't use plaintext by NotQuiteReal · · Score: 4, Funny

    Become a sesquipedalian - use fancy fonts, Bold, ALL CAPS, whatever it takes to be plaintext free!

    --
    This issue is a bit more complicated than you think.
    1. Re:Don't use plaintext by Anonymous Coward · · Score: 1

      If you make your text Comic Sans MS it will look so dreadful, nobody would want to read it, hence more secure.

  5. subject by Anonymous Coward · · Score: 1

    If it doesn't support TLS 1, it isn't worth supporting.

  6. Chrome and disabling SSLv3 by Anonymous Coward · · Score: 4, Informative

    Too bad Google removed the options to enable or disable SSL versions from Chrome some time ago, in an effort to further dumb down the browser. The options used to be under "advanced, but they aren't anymore. Not even available under about:flags.

    Still available, but more hidden:

    Chrome users that just want to get rid of SSLv3 can use the command line flag --ssl-version-min=tls1 to do so. (We used to have an entry in the preferences for that but people thought that “SSL 3.0” was a higher version than “TLS 1.0” and would mistakenly disable the latter.)

    https://www.imperialviolet.org/2014/10/14/poodle.html

    1. Re:Chrome and disabling SSLv3 by rmstar · · Score: 2

      "We used to have an entry in the preferences for that but people thought that âoeSSL 3.0â was a higher version than âoeTLS 1.0â and would mistakenly disable the latter."

      And this, ladies and gentlemen, is why security is so hard. You have this chaotic ape in front of the keyboard making a mess of everything. Now excuse while I go fetch me a banana.

  7. Stuck between a rock and noplace by WaffleMonster · · Score: 1

    Does anyone know what exactly "many clients implement a protocol downgrade dance" means? ... never heard of this ever... who exactly is doing this and what the hell are they thinking?

    Screw this TLS_FALLBACK_SCSV bullshit it's 2014 cut the music and send the dancers home.

    1. Re:Stuck between a rock and noplace by Anonymous Coward · · Score: 1

      Some servers don't handle TLS version numbers at all, and typically just reject the connection instead of advertising to the connecting client that they can support SSL3, TLS1.0 and TLS1.1 but not TLS1.2. So when the client tries to connect with TLS1.2, they are disconnected, so the client tries to connect with TLS1.1 and is successful.

      The problem comes in when the client tries to connect with TLS1.1 and Mr. MITM causes the connection to fail. Then it tries to connect with TLS1.0 and Mr. MITM causes the connection to fail. Then it tries to connect with SSL3 and Mr. MITM lets the connection through because Mr. MITM can read SSL3 traffic.

      This SCSV thing adds a flag to each side to say "but I'm only using this protocol because you didn't like the other protocol" and for the server to say "but you never asked me?"

      BTW, the core reason for all of this was because the pre-TLS browsers absolutely shit themselves over TLS1.0 advertisements, and because browser makers are absolute fuckers, rather than popping up a window saying "This site uses encryption I can't handle, upgrade now? [Yes] [Yes]" it popped up a window saying "this site is shit and you're shit for wanting to look at it." so the server admins shut it off, because what were they going to do, put a page on their site saying "You can only read this page with the list of supported browser versions if you have a supported browser"?

    2. Re:Stuck between a rock and noplace by Anonymous Coward · · Score: 0

      Also I absolutely believe that Microsoft was negligent in not releasing one final update for XP that would detect TLS in IE and rather than popping up "Sorry boss but this website is broken, and I'm not going to suggest that you go into settings and enable TLS", it would pop up "This website requires a higher level of security than your computer can provide. Click here to buy Windows 8.1!" Negligent to their stockholders, negligent to their users, and negligent to the internet in general.

    3. Re:Stuck between a rock and noplace by pathological+liar · · Score: 4, Informative

      The paper explains it.

      It is to support old servers (ancient Cisco gear comes to mind) that can't properly negotiate newer TLS versions. Unfortunately those failed negotations don't fail, er, gracefully -- it just kills the connection. Browsers (Chrome, Firefox, probably others) retry using SSLv3. Why? There's a lot of old gear out there.

    4. Re:Stuck between a rock and noplace by WaffleMonster · · Score: 1

      It is to support old servers (ancient Cisco gear comes to mind) that can't properly negotiate newer TLS versions. Unfortunately those failed negotations don't fail, er, gracefully -- it just kills the connection. Browsers (Chrome, Firefox, probably others) retry using SSLv3. Why? There's a lot of old gear out there.

      There has got to be a better solution for clients in 2014 that does not involve leaving users vulnerable to downgrade attack.

      Why can't browser vendors provide users with an option to enable "dancing" and not have it enabled by default?

      I love backwards compatibility but the cost to overwhelming majority of people who don't have old vulnerability ridden gear to manage via SSL is way too high in 2014.

    5. Re:Stuck between a rock and noplace by Anonymous Coward · · Score: 0

      Firefox already mitigates the attack to some degree. If the connection started out at TLS 1.2 or 1.1 then it could not be downgraded to SSL3 because the code allowing that was removed sometime ago. You'd just get some arcane error message. If the connection started out at TLS 1.0, then it could be downgraded to SSL3. Easiest way in Firefox to prevent a connection downgrade to SSL3 is to set "security.tls.version.min" to 1 in the about:config page. This sets the minimum version of the encryption protocol to TLS 1.0

    6. Re:Stuck between a rock and noplace by WaffleMonster · · Score: 2

      Firefox already mitigates the attack to some degree. If the connection started out at TLS 1.2 or 1.1 then it could not be downgraded to SSL3 because the code allowing that was removed sometime ago.

      This does not make any sense. A mitigation that does not work is not worth anything.

      Easiest way in Firefox to prevent a connection downgrade to SSL3 is to set "security.tls.version.min" to 1 in the about:config page. This sets the minimum version of the encryption protocol to TLS 1.0

      What good does that do when a future attack against TLS 1.0 succeeds and 1.2 users again find themselves being pulled down to 1.0?

    7. Re:Stuck between a rock and noplace by WaffleMonster · · Score: 1

      Some servers don't handle TLS version numbers at all, and typically just reject the connection instead of advertising to the connecting client that they can support SSL3, TLS1.0 and TLS1.1 but not TLS1.2. So when the client tries to connect with TLS1.2, they are disconnected, so the client tries to connect with TLS1.1 and is successful.

      Please I'm begging for names... name names and versions... Who is supporting 1.1 AND doing this?

      This SCSV thing adds a flag to each side to say "but I'm only using this protocol because you didn't like the other protocol" and for the server to say "but you never asked me?"

      Isn't it easier to fix existing implementations rather than inventing new capability negotiation schemes, writing the code and deploying? Is anyone sure extra flags won't cause new compatibility problems?

      If everyone is shutting down SSL 3 anyway as seems to be the case... what then is the remaining intersection of TLS 1+ capable servers and clients still not supporting version negotiation? Please anyone who knows I beg you to name names.

      BTW, the core reason for all of this was because the pre-TLS browsers absolutely shit themselves over TLS1.0 advertisements, and because browser makers are absolute fuckers, rather than popping up a window saying

      Please name names what browsers?

    8. Re:Stuck between a rock and noplace by WaffleMonster · · Score: 1

      The paper explains it.

      Desperately looking for names and versions.

      is to support old servers (ancient Cisco gear comes to mind) that can't properly negotiate newer TLS versions.

      Is this IOS? What versions?

      Unfortunately those failed negotations don't fail, er, gracefully -- it just kills the connection. Browsers (Chrome, Firefox, probably others) retry using SSLv3. Why? There's a lot of old gear out there.

      Then why are the browser vendors saying they are going to disable SSL v3? If we're going to use SSLv3 as an excuse and that excuse is taken away ... what's left?

    9. Re:Stuck between a rock and noplace by Anonymous Coward · · Score: 0

      Also I absolutely believe that Microsoft was negligent in not releasing one final update for XP that would detect TLS in IE and rather than popping up "Sorry boss but this website is broken, and I'm not going to suggest that you go into settings and enable TLS", it would pop up "This website requires a higher level of security than your computer can provide. Click here to buy Windows 8.1!" Negligent to their stockholders, negligent to their users, and negligent to the internet in general.

      That sinking feeling when you realize that OS makers would rather have you waste money on a new version when the old one does the same for free: "we don't support 'new' problems in your 'sunset' OS"
      12 hours ago I was trying to kill an MSI installer in a nonstop loop on a friend's XP machine. Task kill failed due to rights, the Control Panel lacked an uninstall for this particular program, and MS's cleaner tool had this "haha, we no longer have this tool here because your product sucks" message since 2010. I'll give them credit for leaving a link to a new Fixit tool, but the tool was useless. CCleaner was able to offer me the uninstall option for the same software. It boggles the mind that our OS can fail to know what is installed and what isn't, when some Third party isn't equally confused.

      The computing business is corrupt. Since we are in it too deep to run for the hills, we must always assume treachery and try and keep it from sucking us in deeper. Moral here is to not use any browser with non-sense. Unfortunately that has left me to distrust Firefox, IE, Chrome and even dear Opera. I'm more willing to try forks, which ironically haven't been around to be deemed trustworthy --convenience tradeoffs ends up pulling me back to the untrusted browsers.

      CAPTCHA: comply

    10. Re:Stuck between a rock and noplace by Anonymous Coward · · Score: 0

      Firefox already mitigates the attack to some degree. If the connection started out at TLS 1.2 or 1.1 then it could not be downgraded to SSL3 because the code allowing that was removed sometime ago.

      That's untrue. Firefox treats certain types of error as "version intolerance" and will fall back to a lower version unless it has recently connected successfully at the higher version.

      What good does that do when a future attack against TLS 1.0 succeeds and 1.2 users again find themselves being pulled down to 1.0?

      Disabling SSLv3 does nothing for future attacks; but the other measures we are putting in place will. The downgrade SCSV will let a server detect a downgrade attack, or incorrect version fallback. We're adding a pref to control how far fallback will go. And HTTP/2 won't permit anything short of TLS 1.2 with modern crypto (i.e., nothing that is even remotely suspect).

      As with many things, there is a balance to be struck. Disabling SSLv3 a year ago would have affected a lot of sites, including major commerce and banking sites, and it's not always an easy fix with aging infrastructure and long supply chains for equipment.

    11. Re:Stuck between a rock and noplace by Foresto · · Score: 1

      Can you link to the documentation for this? I'm too lazy to search for it right now. :)

    12. Re:Stuck between a rock and noplace by WaffleMonster · · Score: 1

      Disabling SSLv3 does nothing for future attacks; but the other measures we are putting in place will.

      The problem is non standards complaint behavior of web browsers willfully subverting downgrade attack prevention features baked into SSL/TLS standards.

      The downgrade SCSV will let a server detect a downgrade attack, or incorrect version fallback.

      This requires both servers and clients to support it and associated propagation throughout the worlds server and client stacks to be at all effective. SCSV is not even an RFC.

      Why leave people exposed in this manner? What good is TLS 1.2 deployment and fancy new AHEAD ciphers when any yahoo can come along and force affected browsers to TLS v1... What is the compatibility based reason for continuing this behavior when SSL v3 is being disabled in new browsers anyway? Please name names.

      As with many things, there is a balance to be struck. Disabling SSLv3 a year ago would have affected a lot of sites, including major commerce and banking sites, and it's not always an easy fix with aging infrastructure and long supply chains for equipment.

      What balance? What are the tradeoffs? Nobody seems to know. What is on the other side of the ledger to serve as a counterweight to allowing downgrade attacks to persist in 2014 and why does everyone need to bear that risk by DEFAULT?

  8. Lame bug by Anonymous Coward · · Score: 0

    I think of Alanis here:

    Isn't it ironic -- that the very bug the found supports the implementation of the rfc they wrote?

    Why would anyone attempt to do this exploit this? It is soo much easier just to get someone to click on a link and snarf up all their data with malware. Why do this 256 try to get 1 byte of a cookie?

  9. Er, they mentioned that by pathological+liar · · Score: 2

    From agl:

    We used to have an entry in the preferences for that but people thought that “SSL 3.0” was a higher version than “TLS 1.0” and would mistakenly disable the latter.

    "Chrome Users Dumbed Down" might have been a more apt title.

    1. Re:Er, they mentioned that by KozmoStevnNaut · · Score: 1

      "User dumb" covers the situation much more succinctly.

      --
      Eat the rich.
    2. Re:Er, they mentioned that by Anonymous Coward · · Score: 0

      Well, that explains it. Why make your configuration page slightly educational and inform users about the relative security of each protocol when you can just remove the settings entirely?

      Seriously, what would it take? A little bar graph icon that blends between green and red depending on the relative security, so that they can see that TLS 1.0, despite the 1.0, is considered to be more secure than SSL 3.0?

  10. Seen this before. by Anonymous Coward · · Score: 0

    Search SSL in Slashdot and go back until you hit 2011. Multiple stories that year about this same issue, it's nothing new. Examples:
    http://tech.slashdot.org/story/11/09/20/1833232/hackers-break-browser-ssltls-encryption
    http://it.slashdot.org/story/11/10/26/0327251/new-attack-tool-exploits-ssl-renegotiation-bug

  11. IE 10 by shgvietnam9593 · · Score: 1

    I am using IE10, it has effect?

    --
    www.shg.com.vn
    1. Re:IE 10 by Anonymous Coward · · Score: 1

      Depends on how you've configured it.

      By default, SSLv3 is enabled.

      Tools -> Internet Options -> Advanced -> Security

      A little background; SSLv2 got kicked to the curb a few years ago when the exploit named BEAST (it's a kind of Man in the Middle attack) hit the internet.

      BEAST created a big push to move to SSLv3

      SSLv3 and TLS1.0 are very similar,

      http://serverfault.com/questions/178561/what-are-the-exact-protocol-level-differences-between-ssl-and-tls

      SSLv3 and TLS1.0 are going to have the same issues w.r.t. these BEAST-like attacks.

      Try un-selecting the check boxes for anything other than TLS1.2. Some sites will not work. They'll kick up an error message. If you can't live with that behavior, start enabling the 'weaker' TLS1.1 version (in addition to TLS1.2).

      So sites (I'm looking at you outlook.com) will not work unless you enable TLS1.0 (or SSLv3 (of course, since it's so close to TLS1.0)).

  12. TLS1.0 is effected by beast by Anonymous Coward · · Score: 0

    https://kb.radware.com/questions/2730/SSLv3%7B47%7DTLS+1.0+BEAST+vulnerability

    SSLv3 and TLS1.0 are much of a muchness,
    http://serverfault.com/questions/178561/what-are-the-exact-protocol-level-differences-between-ssl-and-tls

  13. POP/IMAP/SMTP? by Anonymous Coward · · Score: 0

    Are other protocols (POP/IMAP/SMTP come to my mind) over SSL affected?

    1. Re:POP/IMAP/SMTP? by Anonymous Coward · · Score: 1

      Yes, if your client falls back to SSLv3.

    2. Re:POP/IMAP/SMTP? by WaffleMonster · · Score: 1

      Yes, if your client falls back to SSLv3.

      Please don't confuse browser "dancing" behavior with SSL version negotiation. Clients and servers can support both SSL v3 and TLS 1.2 without danger of being suckered into SSL v3.

  14. 2017 or later by Anonymous Coward · · Score: 0

    >Websites secured by SHA-1 certificates that expire in 2017 or later, on this version will be treated as ‘Secure, but with minor errors’.

    I don't know the overall percentages on the web but I do know that at least one large company with a significant web presence will ONLY order 1-year certs.

    IIRC, MarkMonitor announced that they will stop issuing SHA-1 certs. So I'd say that this move is getting the job done (from Google's POV).

  15. Chicken and egg kind of thing by Anonymous Coward · · Score: 0

    Yeah, there are poorly configured servers out there but it's not fair to call this a server problem.

    I'm sitting here watching the various groups (Ops, Crytpo, Security, Network, Dev, IT, ...) walking through the problems of dropping support for SSLv3.

    It's a much more complicated issue than you're suggesting.

    OTOH, there are big changes that are going to happen in the next few days. For example, Akamai is going to block SSLv3, TLS1.0, TLS1.1 unless a customer specifically tells them not to.

    Akamai's About page claims,
    >Akamai delivers between 15-30% of all Web traffic

    They've claimed higher numbers. At last weeks Edge Conference they claimed 40% (or was it 60% ?) -- don't remember.

  16. Akamai is blocking sslv3 starting now by Anonymous Coward · · Score: 1

    Game on.

    Akamai is now blocking sslv3 'on their network.

    A few hours ago, the plan was to do this next week.

    Session keys are getting compromised in 32K guesses. 'Trivial' is the word they're using.

    Less than 60 seconds worth of traffic is all it takes.

  17. SSLv3 and TLS1.0 are very similar by Anonymous Coward · · Score: 1

    There's a very high chance that in the very near future, the majority of websites you visit are going to refuse SSLv3.

    Been listening to a bridge call with Akamai. They're disabling SSLv3, TLS1.0, and TLS1.1 on their network as I type this.

    Some major websites have already disabled SSLv3 on their own (i.e. not waiting for the CDNs to do it).

    Akamai carries 30%-40% of the web traffic (globally). Their 'About' page says 30% but they were saying 40% at the conference last week.

    FWIW, White Hats are reporting live exploits. They're using the word 'trivial'. It takes less than 60 seconds of traffic to bust a session.

  18. Which protocol is in use right now? by Foresto · · Score: 1

    Can someone tell me how to get Firefox to say which protocol it's using for any given session? The Security tab has a Technical Details section that mentions "High-grade Encryption" and TLS, but it doesn't say which version of TLS.

  19. How to disable SSL3 in Firefox by Giorgio+Maone · · Score: 1

    Easiest, one-click way to remove vulnerable SSL3 support from Firefox, while still allowing Mozilla to automatically enforce even safer defaults in future updates:

    the SSL Version Control add-on.

    --
    There's a browser safer than Firefox, it is Firefox, with NoScript
    1. Re:How to disable SSL3 in Firefox by Anonymous Coward · · Score: 0

      ...or just set security.tls.version.min to 1 via about:config.

  20. Related to recent shitty https connection? by Anonymous Coward · · Score: 0

    Could this attack on SSL3 be related to how my https connection to Reddit has been terrible the last few weeks?

  21. Anything is vunerable by Anonymous Coward · · Score: 0

    So Google manages to find a security hole in a SSL 3 that has been around for 15 years and all of a sudden we should get worried? If you look hard enough, your going to find a hole that you thought wasn't there. Just fix it and move along to the next one.

  22. Google by Anonymous Coward · · Score: 0

    when we talk about google we should not take it easy
    seocafe.tk

  23. Re:Use TLS 1.2, end backward compat by Anonymous Coward · · Score: 0

    Why do you mod this guy down? He speaks the truth! Break out of your mindset of needless backward compatibility and upgrade everything and you'll be fine. If you don't believe him, ssllabs and wikipedia have nice charts showing all worthwhile browsers and servers now support TLS 1.2.