Google Finds Vulnerability In SSL 3.0 Web Encryption

AlbanX sends word that security researchers from Google have published details on a vulnerability in SSL 3.0 that can allow an attacker to calculate the plaintext of encrypted communications. Google's Bodo Moller writes, SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response (PDF) is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

Chrome Dumbed Down

[brunes69]

Too bad Google removed the options to enable or disable SSL versions from Chrome some time ago, in an effort to further dumb down the browser. The options used to be under "advanced, but they aren't anymore. Not even available under about:flags.

Re:Chrome Dumbed Down

[complete+loony]

Tick this box to break the internet? Those kinds of options just cause user frustration. Security should not be optional.

How legacy is legacy?

[Vellmont]

The last major browser that doesn't support TLS 1 was IE6. Even Microsoft doesn't support that piece of crap anymore. I'm sure there's some special cases of embedded systems out there that rely on SSL3 only, but that's a small minority.

So the question to me is, what would break if you disabled SSL3? Breaking the web for IE6 users happened a long, long time ago.