It may be time to retire SSL v3.0. It seems a new bug has taken shape; more research will follow shortly.
The POODLE Attack
To work with legacy servers, many TLS clients implement a downgrade dance: in a first
handshake attempt, offer the highest protocol version supported by the client; if this
handshake fails, retry (possibly repeatedly) with earlier protocol versions. Unlike proper
protocol version negotiation (if the client offers TLS 1.2, the server may respond with, say,
TLS 1.0), this downgrade can also be triggered by network glitches, or by active attackers.
So if an attacker that controls the network between the client and the server interferes with
any attempted handshake offering TLS 1.0 or later, such clients will readily confine themselves to SSL 3.0.
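As an added illustration of the downgrade dance described above (example code written for this page, not from the POODLE paper or this blog), the following toy model shows a client that falls back to SSL 3.0 when a tampering network breaks every newer handshake, and how the TLS_FALLBACK_SCSV signal from RFC 7507 lets a server refuse that fallback while still permitting a genuine fallback to a version-intolerant legacy server. The version constants are real TLS values; the handshake functions, the attacker model and `intolerant_server` are assumptions constructed for illustration and do not speak real TLS.

```python
# Added example (not from the POODLE paper or this blog): a toy model of the
# client "downgrade dance" and the TLS_FALLBACK_SCSV defence from RFC 7507.
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
VERSIONS = [TLS12, TLS11, TLS10, SSL3]   # order the client tries them in
FALLBACK_SCSV = 0x5600                   # RFC 7507 signalling cipher suite value

class HandshakeFailed(Exception):
    pass

def server_hello(offered, suites, server_max):
    """Server: negotiate min(offered, server_max). Under RFC 7507 a ClientHello
    carrying the SCSV while offering less than server_max is refused, because a
    client on a clean path would never have needed to fall back that far."""
    if FALLBACK_SCSV in suites and offered < server_max:
        raise HandshakeFailed("inappropriate_fallback")
    return min(offered, server_max)

def client_connect(network, server_max=TLS12, use_scsv=False):
    """Client: offer the highest version first; on any failure retry with the
    next lower one (the dance), adding the SCSV to every retry when enabled."""
    for attempt, version in enumerate(VERSIONS):
        suites = [FALLBACK_SCSV] if use_scsv and attempt > 0 else []
        try:
            return network(version, suites, server_max)
        except HandshakeFailed as e:
            if e.args[0] == "inappropriate_fallback":
                raise            # an explicit refusal ends the dance
    raise HandshakeFailed("no common version")

def tampering_network(version, suites, server_max):
    """The attacker in the quoted passage: every handshake offering TLS 1.0 or
    later is broken, so only an SSL 3.0 attempt ever reaches the server."""
    if version >= TLS10:
        raise HandshakeFailed("connection reset")
    return server_hello(version, suites, server_max)

def intolerant_server(version, suites, server_max):
    """A legacy server that aborts when offered more than it knows: the reason
    the dance exists, and a fallback RFC 7507 still has to permit."""
    if version > server_max:
        raise HandshakeFailed("handshake_failure")
    return server_hello(version, suites, server_max)

if __name__ == "__main__":
    print(hex(client_connect(server_hello)))                        # 0x303
    print(hex(client_connect(tampering_network)))                   # 0x300, SSL 3.0
    print(hex(client_connect(intolerant_server, TLS10, use_scsv=True)))  # 0x301
    try:
        client_connect(tampering_network, use_scsv=True)
    except HandshakeFailed as e:
        print("refused:", e)                                        # inappropriate_fallback
```

Without the SCSV the tampered client silently lands on SSL 3.0; with it, the server's `inappropriate_fallback` alert is the detectable signal that something on the path broke the newer handshakes.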
Recently, I was working with the web administrators at a company who had stated that they failed a security audit due to lax ciphers on their web servers.
When they asked for my recommendations, I immediately pointed them over to Cipherli.st for a list of very useful recommendations for securing their Apache web servers. I highly recommend the advice they give on ciphers.