UPDATE 2014-10-14 23:40 UTC The details have been published: meet the SSL POODLE attack.
UPDATE 2014-10-15 11:15 UTC Simpler server test method, corrected info about browsers
UPDATE 2014-10-15 16:00 UTC More information about client testing
El Reg posted an article earlier today about a purported flaw in SSL 3.0 which may or may not be real, but it’s been a bad year for SSL, we’re all on edge, and we’d rather be safe than sorry. So let’s take it at face value and see what we can do to protect ourselves. If nothing else, it will force us to inspect our systems and make conscious decisions about their configuration instead of trusting the default settings. What can we do?
The answer is simple: there is no reason to support SSL 3.0 these days. TLS 1.0 is fifteen years old and supported by every browser that matters and over 99% of websites. TLS 1.1 and TLS 1.2 are eight and six years old, respectively, and are supported by the latest versions of all major browsers (except for Safari on Mac OS X 10.8 or older), but are not as widely supported on the server side. So let’s disable SSL 2.0 and 3.0 and make sure that TLS 1.0, 1.1 and 1.2 are enabled.
What to do next
Test your server
The Qualys SSL Labs SSL Server Test analyzes a server and calculates a score based on the list of supported protocols and algorithms, the strength and validity of the server certificate, which mitigation techniques are implemented, and many other factors. It takes a while, but is well worth it. Anything less than a B is a disgrace.
If you’re in a hurry, the following command will attempt to connect to your server using SSL 2.0 or 3.0:
:|openssl s_client -ssl3 -connect www.example.net:443
If the last line it prints is DONE
, you have work to do.
Fix your server
Disable SSL 2.0 and 3.0 and enable TLS 1.0, 1.1 and 1.2 and forward secrecy (ephemeral Diffie-Hellman).
For Apache users, the following line goes a long way:
SSLProtocol ALL -SSLv3 -SSLv2
It disables SSL 2.0 and 3.0, but does not modify the algorithm preference list, so your server may still prefer older, weaker ciphers and hashes over more recent, stronger ones. Nor does it enable Forward Secrecy.
The Mozilla wiki has an excellent guide for the most widely used web servers and proxies.
Test your client
The Poodle Test website will show you a picture of a poodle if your browser is vulnerable and a terrier otherwise. It is the easiest, quickest way I know of to test your client.
Qualys SSL Labs also have an SSL Client Test which does much the same for your client as the SSL Server Test does for your server; unfortunately, it is not able to reliably determine whether your browser supports SSL 3.0.
Fix your client
On Windows, use the Advanced tab in the Internet Properties dialog (confusingly not searchable by that name, search for “internet options” or “proxy server” instead) to disable SSL 2.0 and 3.0 for all browsers.
On Linux and BSD:
- Firefox: open and set
security.tls.version.min
to 1. You can force this setting for all users by addinglockPref("security.tls.version.min", 1);
to your system-wide Mozilla configuration file. Support for SSL 3.0 will be removed in the next release. - Chrome: open and select “show advanced settings”. There should be an HTTP/SSL section which lets you disable SSL 3.0 is apparently no way to disable SSL 3.0. Support for SSL 3.0 will be removed in the next release.
I do not have any information about Safari and Opera. Please comment (or email me) if you know how to disable SSL 3.0 in these browsers.
Good luck, and stay safe.
According to Apache Documentation, [1] it should be SSLProtocol, not
SSLProtocolsSSLProtocol ALL -SSLv3 -SSLv2
Anyway, thank you for useful article.
[1] http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslprotocol
Thank you, fixed.
I think there is a typo; “SSLProtocols” should be “SSLProtocol”.
Thank you, fixed.