Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

← Back to Stories (view on slashdot.org)

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

Posted by samzenpus on Thursday October 30, 2014 @11:16AM from the get-it-out dept.

An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."

47 of 70 comments (clear)

Min score:

Reason:

Sort:

2014 by pushing-robot · 2014-10-30 11:20 · Score: 4, Funny

It may still not be the year of Linux on the desktop, but it is the year of silly names on serious exploits.

--
How can I believe you when you tell me what I don't want to hear?
1. Re:2014 by NotInHere · 2014-10-30 11:49 · Score: 2
  
  Computer Security is boring to most people, and when you give them funny names, or funny logos, issues become more likely popular, and are easier memorized.
2. Re:2014 by billstewart · 2014-10-31 08:53 · Score: 1
  
  Twitter shows you comments in most-recent-first mode, which is sometimes confusing when news breaks. A few weeks back my twitter feed was filling up with things like
  "[dog emoji] [knife emoji] [knide] [knife] !!!"
  and it took a while to get down to the comments about "there's a new vulnerability called 'Poodle' out today."
  
  --
  
  Bill Stewart
  New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Re:If lack of security updates didn't kill IE 6... by sexconker · 2014-10-30 11:26 · Score: 3, Informative

Tools
Internet Options
Advanced
Security
Use TLS 1.0
OK
Re:If lack of security updates didn't kill IE 6... by mackil · 2014-10-30 11:32 · Score: 1

I should've said, "doesn't by default"
Re:If lack of security updates didn't kill IE 6... by bloodhawk · 2014-10-30 11:42 · Score: 1

It does support TLS. Not to mention if nothing else has made them upgrade then this is also unlikely to be an impetus even if TLS wasn't supported.
Pros and Cons by Anonymous Coward · 2014-10-30 11:49 · Score: 2, Interesting

While I respect this decision, I can't help but think many end users will see it as a broken browser and will use IE or something else for sites which no longer work with Chrome.
Chrome's market share will drop a bit unless/until all other browsers do this too.
1. Re:Pros and Cons by devman · 2014-10-30 12:18 · Score: 1
  
  Firefox is also disabling SSL 3.0. Also, according to stats cited by Wikipedia, 99.3% of web servers support TLS 1.0
2. Re:Pros and Cons by NotInHere · 2014-10-30 12:20 · Score: 2
  
  "Today, Firefox uses SSLv3 for only about 0.3% of HTTPS connections." : https://blog.mozilla.org/secur...
  The browser vendors act this fast only because SSL 3.0 isn't used for almost all connections.
3. Re:Pros and Cons by NotInHere · 2014-10-30 12:34 · Score: 1
  
  another link: http://mzl.la/1G0vCdX
4. Re:Pros and Cons by thegarbz · 2014-10-30 13:46 · Score: 2
  
  The state of SSL already behaves like a broken browser.
  Why do I get a serious warning that says my communications are not private when I visit a website with a self-signed SSL certificate, but we get a free pass sending unencrypted information around the internet?
  How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
5. Re:Pros and Cons by MightyYar · 2014-10-30 14:10 · Score: 1
  
  How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
  It is worse to have a false sense of security.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
6. Re:Pros and Cons by squiggleslash · 2014-10-30 14:12 · Score: 1
  
  It's quite simple:
  Neither HTTP, nor HTTPS with an untrusted certificate, are secure.
  However, you don't expect HTTP to be secure. You do expect HTTPS to be secure. That's what the 'S' stands for.
  Therefore, if a self signed certificate is used, and you haven't added your authority to your browser, the browser will warn you that something you expect to be secure isn't necessarily, and prompts you to check that you are, indeed, using the right certificate, and someone isn't intercepting your communications.
  Every browser in the world allows you to add your own CA so you can use self-signed certificates without further prompting. If you've chosen not to, it's fairly reasonable for them to say "Wait, this guy has explicitly asked for a secure connection, but I have no way of verifying this connection is secure: I better say what I know and ask for further instructions."
  
  --
  You are not alone. This is not normal. None of this is normal.
7. Re:Pros and Cons by KiloByte · 2014-10-30 14:45 · Score: 1
  
  For Windows only on Nov 25, but on Linux SSL3 has been disabled for some time. In Debian since Oct 18.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
8. Re:Pros and Cons by thegarbz · 2014-10-30 17:25 · Score: 1
  
  I don't have a false sense of security. Even without being able to verify who is on the other end I still am more secure knowing not everyone in between is listening in. Before you say MITM remember this has nothing to do with monitoring for changes in the signature. That can still be done regardless.
  Security of my transmission and certainty of who I am taking two are two different things yet browsers treat one without the other as something mythically worse than nothing at all.
9. Re:Pros and Cons by thegarbz · 2014-10-30 17:38 · Score: 1
  
  Neither HTTP, nor HTTPS with an untrusted certificate, are secure.
  However, you don't expect HTTP to be secure. You do expect HTTPS to be secure. That's what the 'S' stands for.
  Ahh false and false.
  Starting with the latter, no one really expects HTTPS to be secure, because no one really looks to check. Ask most users how they can identify if they are using HTTPS / encryption / security on the internet and the'll probably just stare at you blankly. Yet when visiting a site they'll only ever get an error if the site is attempting to do something to encrypt the signal.
  To the first point, HTTPS with an untrusted certificate is no less secure than HTTPS with a certificate which has been issued by some fallible (and they are) third party. Ok so it is slightly less secure, but the reality is you're simply trusting someone else to say that someone is who they say they are. On the other hand a self signed certificate is no worse than a plain HTTP connection yet the error is critical despite keeping other's out of the conversation. In many cases I can assume the first time I meet Bob that he is who he says he is. I should be able to use Bob's certificate subsequently without warning provided it hasn't changed, but that's not how it works.
  HTTPS with an notoriety system and self signed certificates are far more secure than HTTPS with a central fallible authority and a signed certificate.
10. Re:Pros and Cons by DrXym · 2014-10-30 20:28 · Score: 1
  
  How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
  Exactly. The whole concept of a certifying authority is fundamentally broken. It's just a tax on security. If I'm a bank or merchant then it might be worth paying a CA a lot of money to come and verify I am who I say and how I store and control access to my cert. But the standard signature that most sites obtain is worse than fucking useless. At most it might verify my credit card or my fake id. It's just a tax and the net result plain text is the default.
  Sites should be able to use unsigned keys for basic encryption. Sites should also be able to sign each other's keys and build a web of trust. Finally if they absolutely must they can get a CA to sign it. Just like with PGP. There are disadvantages to unsigned certs in that they don't stop man in the middle but browsers cache keys and participate in SSL observatory so that visitors to sites still have some measure of assurance that the key is being manipulated.
  Browsers could also present the security of a web of trust in a reasonable way as a checklist or traffic light system. Encrypts traffic (green tick); Protects from casual eavesdropping (green tick); Protects against man in the middle attacks (red cross); Signed by someone you trust (red cross) etc.
  The current system is just dumb and I'd hope that somebody, be it Mozilla, Google or whomever would roll out something better that does away with the need for a CA or forgo all encryption.
11. Re:Pros and Cons by PlusFiveTroll · 2014-10-31 00:20 · Score: 1
  
  > and self signed certificates are far more secure than HTTPS
  Right, and with I MITM the wireless AP you're on and replace the self signed with another, you'll go right on thinking you're secure.
12. Re:Pros and Cons by MightyYar · 2014-10-31 01:13 · Score: 1
  
  As the AC said, the browser isn't made for you - it is made for the average computer user, who has little to no education regarding security algorithms. I'm fairly geeky, and I would have trouble telling you a practical way to verify the authenticity of a self-signed cert. Frankly, I'm not even sure that people look for the little lock icon when they are banking, but at least if it is there you know that you are talking to the site you though you were.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
13. Re:Pros and Cons by Rich0 · 2014-10-31 01:26 · Score: 1
  
  How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
  It is worse to have a false sense of security.
  Then don't show the padlock icon. Then the browser behaves the same as if somebody MITM'ed the connection over an http->https gateway. I can trick the average user into not using SSL at all, so why fuss with self-signed certificates?
14. Re:Pros and Cons by Rich0 · 2014-10-31 02:00 · Score: 1
  
  > and self signed certificates are far more secure than HTTPS
  Right, and with I MITM the wireless AP you're on and replace the self signed with another, you'll go right on thinking you're secure.
  That is no different from what happens when you MITM a non-SSL connection.
  I have no issues with distinguishing between self-signed and vendor-certified connections. I just don't think that self-signed should trigger MORE warnings than non-SSL connections. Maybe just don't show the padlock for self-signed, and possibly just give a non-scare warning that doesn't take a lot of work to click through the first time you see a particular certificate for a particular site.
15. Re:Pros and Cons by MightyYar · 2014-10-31 02:01 · Score: 1
  
  Because people don't always look for the padlock icon. Chase Bank wants to make sure that every customer connects with SSL. If someone tries to MITM the bank, then they want the customer alerted. This is fail-safe. Your suggestion would simply turn off the little icon when a MITM attack was taking place, which probably would go unnoticed in a high percentage of cases.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
16. Re:Pros and Cons by Rich0 · 2014-10-31 05:26 · Score: 1
  
  Because people don't always look for the padlock icon. Chase Bank wants to make sure that every customer connects with SSL. If someone tries to MITM the bank, then they want the customer alerted. This is fail-safe. Your suggestion would simply turn off the little icon when a MITM attack was taking place, which probably would go unnoticed in a high percentage of cases.
  This is why I'd really like to see this sort of thing move to DNSSEC. If your domain's website should always use SSL with a particular cert, then put it in DNS and then everybody knows. This also reduces the impact of bad CAs - you can only forge certificates for domains you control. So, the NSA can't issue a valid .cn domain certificate, and the Chinese can't issue a valid .com one. Right now trust is just black and white.
17. Re:Pros and Cons by MightyYar · 2014-10-31 05:43 · Score: 1
  
  That does sound like a better system, though one that was impossible when SSL was first implemented.
  
  --
  W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
18. Re:Pros and Cons by thegarbz · 2014-10-31 11:15 · Score: 1
  
  I'm not asking for verification. The problem didn't always exist. Chrome used to provide sane error messages. I'm not asking to do away with them just grade them according to the risk.
  Current version of chrome with a self signed certificate produces a warning saying "Your communication is not private" which is false. It's a big red warning and you get the choice to hit the cancel button or look for the text link that says "advanced".
  A few versions ago it looked like this:
  Self signed cert: Orange screen with warning symbol. Proceed, and Back buttons.
  Cert that has expired: Orange screen with warning symbol. Proceed, and Back buttons.
  Cert which has changed: Red error screen with a back button and a text link to proceed.
  Certificate invalid or issued to wrong domain: Red error screen with back button and text link to proceed.
  The current approach throws the encrypted baby out with the bathwater in a scenario that is actually better for the end user than a situation where they get no error at all.
19. Re:Pros and Cons by viperidaenz · 2014-10-31 11:17 · Score: 1
  
  Except in Android.
  After installing a self-signed certificate every time you restart the phone you get a warning message saying "Network may be monitored". There is apparently no way to say "Yes, i know there is a user-installed certificate, stop telling me I'm hacking myself because I put it there on purpose"
Re:If lack of security updates didn't kill IE 6... by jonwil · 2014-10-30 11:50 · Score: 1

There is no reason businesses that need IE6 for corporate intranet sites that cant be made to work with anything newer (or cant be made to work without spending money the business doesn't want to spend) cant go with a modern browser (be it Chrome, Firefox or whatever else) for browsing the internet and use IE6 only for accessing those intranet sites that are stuck on IE6.
Re:If lack of security updates didn't kill IE 6... by pavon · 2014-10-30 12:19 · Score: 2

It may also bring back the days of banks requiring the use of IE, as none of the citi group websites support any version of TLS. Of course, those in the know should cancel their citi accounts. Even if you don't use their website, if their security is this lax in one area, it probably isn't great in others as well. Sucks for people with mortgages and such that are very expensive to move to another company, though.
Re:If lack of security updates didn't kill IE 6... by pavon · 2014-10-30 12:24 · Score: 1

Yeah, but not by default. I agree that this won't influence most businesses who are still running IE. But old grandma running IE 6 will find that her internet is broken, and will ask someone to fix it for her, which most likely will involve upgrading to an newer browser.
How to disable SSLv3 and test it. by uolamer · 2014-10-30 12:26 · Score: 1

How to disable SSLv3 and test it.
https://zmap.io/sslv3/browsers...
(not affiliated with site, simply found ithttp://tech.slashdot.org/story/14/10/30/220221/google-to-disable-fallback-to-ssl-30-in-chrome-39-and-remove-in-chrome-40?utm_source=rss1.0mainlinkanon&utm_medium=feed# useful)

--
s/©//g
When are they going to disable insecure downgrade? by WaffleMonster · 2014-10-30 13:11 · Score: 1

Nice they are disabling SSL 3 however actual problem was not SSL 3 which everyone was on notice for years it was actually Google's intentional action to circumvent secure version negotiation in the first place which enabled SSL 3 to continue to be a problem in 2014.
True lack vs. false sense of security by tepples · 2014-10-30 14:14 · Score: 1

Why do I get a serious warning that says my communications are not private when I visit a website with a self-signed SSL certificate, but we get a free pass sending unencrypted information around the internet?
The excuse I've seen trotted out is that a mismatch between the expected security guarantee impled by the URI scheme and the actual security guarantee of a particular connection. The http URI scheme warns the user in advance of a true lack of security, while https with an unknown certificate authority gives the user a false sense of security. StartSSL offers free personal use TLS certificates anyway.
1. Re:True lack vs. false sense of security by thegarbz · 2014-10-30 17:49 · Score: 1
  
  Oh great so now there isn't even a monetary barrier anymore to getting certificates?
  An unknown authority only provides me with a lack of information on who I am talking to. I don't need such an authority to know that who I am talking to is the same person who I was talking to yesterday, and that I am only talking to one person and not every person.
  I have no problem with graded security levels providing they make sense. No warning on HTTP, but a critical warning on a self signed certificate, especially one which uses the words "Your communications are not private" which doesn't provide a button to continue (I'm looking at you Chrome) is asinine.
  Now when I think back a year or two ago it made more sense.
  HTTP - no warning
  self signed cert - orange warning with a button allowing you to proceed.
  expired cert - orange warning with a button allowing you to proceed.
  changed certificate or invalid cert for the domain - big red warning and no button allowing you to proceed.
  That made sense, sadly it no longer does.
2. Re:True lack vs. false sense of security by sjames · 2014-10-30 19:44 · Score: 1
  
  While I do see the point in warning about the security level, most certs provide practically no actual identification beyond someone said they were X and now they're saying it again.
  In truth, I would place greater trust in a self-signed cert that has the same signature as it did the last tome I visited the site than I would in a basic cert for a site I am visiting for the first time.
3. Re:True lack vs. false sense of security by Rich0 · 2014-10-31 02:03 · Score: 1
  
  StartSSL offers free personal use TLS certificates anyway.
  I hear they issue them freely, but they do not revoke them freely. So, I can only imagine how many pre-heartbleed certs they have floating around since nobody wants to revoke the bad ones.
Walled garden browsers by tepples · 2014-10-30 14:18 · Score: 1

Every browser in the world allows you to add your own CA
Do you really mean "every browser in the world" that supports TLS or just "every major desktop browser" that supports TLS? I was under the impression that some of the browsers that run on home entertainment hardware lacked UI for adding a certificate. For example, where might I find CA options on, say, "Internet Channel powered by Opera" for the Wii video game console?
Re:If lack of security updates didn't kill IE 6... by DrXym · 2014-10-30 20:09 · Score: 1

... then this should do it since it can't use TLS.
I don't see it makes a difference. For anyone doomed to use IE6 for eternity, it won't matter what Google does in its own browser because they're not using it, at least not for whatever crappy internal website still requires IE6.
Re:If lack of security updates didn't kill IE 6... by drinkypoo · 2014-10-30 22:29 · Score: 1

Of course, those in the know should cancel their citi accounts.
this is true anyway. Citibank is pure fucking evil. Sadly, they were my only choice for a lender when I got a student loan.

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Re:If lack of security updates didn't kill IE 6... by PlusFiveTroll · 2014-10-31 00:14 · Score: 1

https://www.ssllabs.com/ssltes...
IE 11 / Win 8.1 R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Chrome 37 / OS X R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Firefox 32 / OS X R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Other than the lack of Forward-Secrecy and lack of GCM it looks like Citi supports modern TLS.
Eat that Philip Paradis by Khyber · 2014-10-31 01:12 · Score: 1

I happen to consult with Google frequently on stuff like this - the joys of being one of their top Helpouts providers on computer solutions. We've been discussing this since the vulnerability was discovered.
Philip Paradis apparently knows nothing, here.

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Re:If only there was a TLS roadmap from Google by Khyber · 2014-10-31 01:14 · Score: 1

TLS 1.0 will likely get the same phase-out soon enough.
They should just jump to TLS 1.2.

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Lack of SNI prior to April 2014 by tepples · 2014-10-31 03:17 · Score: 1

The monetary barrier hasn't been on the very itself for at least a couple years. It's been in the fact that older TLS stacks (such as those that shipped with Windows XP and Android 2.x) couldn't handle Server Name Indication (more than one certificate per IP address), along with the disappointingly slow uptake of IPv6. So until April of this year, when XP security patches ended, each site owner needed to pay its hosting service for a separate IPv4 address.
Day one MITM by tepples · 2014-10-31 03:20 · Score: 1

So how do you make sure your Internet connection doesn't have a man in the middle attack from day one?
1. Re:Day one MITM by sjames · 2014-10-31 06:18 · Score: 1
  
  That's the problem. A CA signed cert doesn't help much for that. The basic cert can be had in pretty much any name just by photoshopping a fake letterhead. Even the 'advanced' signed certs can be forged (and have been) under orders from NSA and similar shady criminal organizations. Really, only casual forgeries are prevented, but casual forgeries are unlikely to take the steps necessary to subvert DNS or routing required for any MITM attack Note too that if I attack your PC to subvert DNS or routing, I can as easily drop my Snakeoil LTD CA cert into your browser while I'm at it..
  The one way to be really sure is to use an independent communication channel to ask the fingerprint of the cert in use. At that point, self-signed and CA signed are of the same value.
  But note that in other cases, the question that matters is actually is this entity 'A' the same entity 'A' that I successfully did business with last month? In this case, knowing that the name is 'A' isn't necessarily all that useful unless 'A' is famous. That case is well served by the browser remembering what cert was used last time. In that case, self-signed is fine.
  By far, the most common problem that actually affects people is attacks involving very similar names or typo domain names that are easily overlooked.
StartSSL, DANE, Perspectives by tepples · 2014-10-31 04:49 · Score: 1

TL;DR: Install Perspectives if you want to use an unknown CA.

The whole concept of a certifying authority is fundamentally broken.
Broken by StartSSL, which provides personal use certificates without charge.

Sites should be able to use unsigned keys for basic encryption.
They can. They just have to find some out-of-band way to get their keys onto visitors' machines in order to circumvent a MITM-from-day-one attack. This could involve DANE, which puts keys and certificates in DNSSEC. Or it could involve the Perspectives extension for Firefox, which verifies a site's certificate through diverse Internet routes between the site and notary servers whose certificates are delivered in a browser extension package signed by the browser vendor.

Just like with PGP.
I have my own problems with PGP's assumption of transitive trust. Just because you can vouch for someone's identity doesn't mean you can vouch for that person's ability to correctly vouch for others' identities.
1. Re:StartSSL, DANE, Perspectives by DrXym · 2014-10-31 07:08 · Score: 1
  
  TL;DR: Install Perspectives if you want to use an unknown CA.
  It's not a case of installing anything. It requires a whole new secure protocol that browsers support out of the box.
  
  Broken by StartSSL, which provides personal use certificates without charge.
  It's still a CA and it's demonstrative of the uselessness of a CA in the first place. The cert makes a scary box go away nothing more. Even if its free (in money) it's still an onerous task in time and effort to obtain a cert. And with my tinfoil hat on, why should I trust an operation in Israel to generate a trustworthy certificate for my site? It's not the first time a CA has been compromised and issued phony certs for MITM attacks.
  
  I have my own problems with PGP's assumption of transitive trust. Just because you can vouch for someone's identity doesn't mean you can vouch for that person's ability to correctly vouch for others' identities.
  True but it still has the potential to build more meaningful trust to a site than a CA can. e.g. Red Hat could sign Ubuntu's site and vice versa and they could sign various Linux user groups and so forth. Just like happens with PGP keys. It's more meaningful than some random CA and far harder compromise especially if browsers cache keys and signatories or look them up in SSL observatory.
Re:Microsoft's already patched IE... apk by viperidaenz · 2014-10-31 11:10 · Score: 1

But the Microsoft article is dated October 15.
Last time I checked, October 15th was before October 18th.