New SSL security exploit discovered

This isn't a good year for web cryptography. On the heels of this spring's Heartbleed debacle, Google has announced the discovery of a new exploit, this time affecting SSL 3.0.

While SSL 3.0 is obsolete, the protocol is supported by most modern browsers and can be invoked in the event of a connection failure. "[B]rowsers will retry failed connections with older protocol versions, including SSL 3.0," Google explains. "Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue."

The exploit is outlined here, and the specifics are, frankly, a little over my head. In a nutshell, though, Google says the issue "can be exploited by a man-in-the-middle attacker to decrypt 'secure' HTTP cookies." Google's advice for plugging the hole is as follows:

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.
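To make the fallback mechanism concrete, here is an added toy model (not Google's code and not any TLS library's) of the TLS_FALLBACK_SCSV check from RFC 7507: a browser walking down the version ladder after each failed connection, and a server that refuses a retry advertising the SCSV at a lower version than it supports. The version numbers and the SCSV value 0x5600 come from the RFC; the cipher suites and the set of versions the attacker drops are constructed for the example.

```python
"""Toy model of the TLS_FALLBACK_SCSV downgrade check (RFC 7507). Constructed example."""
from dataclasses import dataclass
from typing import List, Set, Tuple

SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600   # signalling suite value from RFC 7507; never actually selected
NAMES = {SSL_3_0: "SSL 3.0", TLS_1_0: "TLS 1.0", TLS_1_1: "TLS 1.1", TLS_1_2: "TLS 1.2"}
SAMPLE_SUITES = [0x002F, 0x0035]  # constructed: AES128-SHA and AES256-SHA (both CBC)

@dataclass
class ClientHello:
    version: int               # highest version the client offers in this attempt
    cipher_suites: List[int]   # real suites, plus the SCSV on a fallback retry

def server_process_hello(hello: ClientHello, server_max: int, intolerant: bool = False):
    """Server side. Returns ('ok', version), ('alert', reason) or ('drop', reason)."""
    if intolerant and hello.version > server_max:
        return ("drop", "version-intolerant server aborts")  # the bug that fallback was invented for
    if TLS_FALLBACK_SCSV in hello.cipher_suites and hello.version < server_max:
        # The client signals "this is a retry at a reduced version", yet this server
        # speaks something higher: the earlier failure was not ours, so refuse the downgrade.
        return ("alert", "inappropriate_fallback")
    return ("ok", min(hello.version, server_max))

def client_connect(server_max: int, dropped: Set[int], send_scsv: bool = True,
                   intolerant: bool = False) -> Tuple[str, str, List[int]]:
    """Browser-style fallback: retry one version lower after every failed connection.
    `dropped` is the set of versions at which a network attacker kills the handshake."""
    attempts: List[int] = []
    for i, v in enumerate((TLS_1_2, TLS_1_1, TLS_1_0, SSL_3_0)):
        attempts.append(v)
        if v in dropped:
            continue                                # attacker-induced failure, retry lower
        suites = SAMPLE_SUITES + ([TLS_FALLBACK_SCSV] if send_scsv and i > 0 else [])
        status, detail = server_process_hello(ClientHello(v, suites), server_max, intolerant)
        if status == "drop":
            continue                                # genuine server failure, retry lower
        if status == "alert":
            return ("refused", detail, attempts)    # browser shows an error instead of SSL 3.0
        return ("connected", NAMES[detail], attempts)
    return ("failed", "no version accepted", attempts)
```

With the SCSV, an attacker who drops every TLS attempt only produces an `inappropriate_fallback` error; without it the same interference lands the browser on SSL 3.0, while a genuinely SSL 3.0-only server still gets its connection in both cases.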

Both Google's web servers and its Chrome web browser already support TLS_FALLBACK_SCSV (and have done so since February). On top of that, the company says Chrome will "begin testing changes today that disable the fallback to SSL 3.0." Since the blog post about this issue went up yesterday afternoon, I assume testing is already underway.
