Re: POODLE SSLv3 downgrade attack

[Erwann Abalea <eabalea@gmail.com>]

2014-10-19 15:36 GMT+02:00 Howard Chu <hyc@symas.com>:

Joe Friedeggs wrote:

Pardon my ignorance on the subject, but I need to understand this:

 > You've probably all heard about this "new" attack several times by now. Just
 > to confirm what's already been stated - this attack only affects HTTP browsers
 > that deliberately break the TLS handshake protocol to allow using older SSL
 > versions. It does not affect LDAP software at all.

Isn't this configurable?  With the following:

TLSCipherSuite          HIGH:MEDIUM:+TLSv1:+SSLv3:RSA

doesn't this allow SSLv3?

Yes.

To secure against POODLE, don't we need to remove
the SSLv3?

No. In the standard TLS handshake protocol, if both sides support TLSv1, it's not possible to downgrade to SSLv3. The POODLE attack only exists because web browsers intentionally break the standard TLS handshake protocol.

Or more commonly because some equipment (a firewall, most of the time) closes the connection at both ends, and the browser retries the connection with a protocol downgrade. Web browsers don't intentionally break the handshake, they try to adapt to various servers+networks environments to get the resource desired by the end user.

--
Erwann.