One-stop resource on how to effectively disable SSLv3 in major web browsers as well as in web, mail and other servers that may still be using it.
SSL, and its successor TLS, are cryptographic protocols designed to provide communication security over the Internet. In the web realm they provide HTTPS, but they are also used for other application protocols. SSLv1 was never publicly released, and SSLv2 was quickly found to be insecure. SSLv3 was created and, together with the newer TLSv1/1.1/1.2, it is still being used to secure the transport layer of the Internet.
As happened with SSLv2, Google engineers recently pointed out that SSLv3 is broken (with an exploitation technique known as POODLE) and should not be used any longer. There is a patch, but it does not mitigate the issue completely, as it works only if both sides of the connection have been patched. SSLv3 is nearly 18 years old, but support for it remains widespread. Clients and servers should disable SSLv3 as soon as possible. While there is a tiny fraction of Internet users that run very outdated systems that do not support TLS at all, very few clients will be unable to connect to your website or service: CloudFlare announced on October 14th 2014 that less than 0.09% of their visitors still rely on SSLv3.
If you are a server administrator, you really should disable SSLv3 now for the security of your users. By doing this, clients will no longer be able to use the insecure SSLv3 protocol to connect to you, and will have to use a newer, more secure alternative.
As a user, you should disable SSLv3 in your browser now to secure yourself when visiting websites that still support SSLv3. By doing this, you will be sure your client won't attempt to establish a connection with SSLv3 and will use a more secure alternative.
No, POODLE is a protocol vulnerability. This means this is inherent in the inner workings of SSLv3, and you can't really patch it.
No, you don't need to issue a new certificate. The POODLE attack is not a memory leak; it is a plaintext recovery attack that focuses on HTTP headers and exploits a weakness in the SSLv3 protocol when used with block ciphers.
A possible mitigation, to be implemented on both the server and the client, is to add support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV). This new feature prevents protocol downgrade attacks when certain applications such as web browsers attempt to reconnect using a lower protocol version. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks. You will get this patch in your regular software updates, but it is not enough, since it will work only if both sides of the connection have been patched.
Maybe. The attack scenario requires the attacker to be able to inject data of their own and to intercept the encrypted bytes. The most natural context where such a thing happens is a web browser, but we can't exclude that other clients could be vulnerable to a POODLE-like technique.
Great, please leave a comment in the comment section at the bottom of the page.
If your server is exposed to the Internet, and you don't mind sharing the hostname with a third party service, you can use web tools such as Tinfoil.
If, on the other hand, you want to check this manually, you can use openssl on any Unix machine:
openssl s_client -connect <host>:<port> -ssl3
A host that has SSLv3 disabled will return an error with "handshake failure" in it.
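Many current OpenSSL builds are compiled without SSLv3 support, so the -ssl3 option may be rejected before any connection is attempted. The following added example (not part of this page's original content) performs the same check with a raw socket: it sends a minimal SSLv3 ClientHello and classifies the first record the server sends back. The cipher suite list and the alert codes it inspects are assumptions based on the SSLv3 record and alert formats.

```python
import os
import socket
import struct

SSLV3 = b"\x03\x00"
# Constructed list of widely implemented SSLv3-era suites (AES/3DES CBC, RC4).
CIPHER_SUITES = [0x002F, 0x0035, 0x000A, 0x0005]


def build_sslv3_client_hello(random_bytes=None):
    """Return an SSLv3 handshake record carrying a ClientHello (no extensions)."""
    rnd = random_bytes if random_bytes is not None else os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body = (SSLV3 + rnd + b"\x00"                       # client_version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites    # cipher_suites vector
            + b"\x01\x00")                               # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + SSLV3 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Map the first record returned by the server to a verdict string."""
    if len(data) < 5:
        return "closed"          # no record at all: server dropped the connection
    ctype, vmaj, vmin, length = struct.unpack("!BBBH", data[:5])
    if ctype == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: server_version sits right after the 4-byte handshake header
        return "sslv3-accepted" if data[9:11] == SSLV3 else "unexpected"
    if ctype == 0x15 and length >= 2 and len(data) >= 7:
        desc = data[6]           # alert body = level (data[5]), description (data[6])
        if desc in (40, 70):     # handshake_failure / protocol_version
            return "sslv3-disabled"
        return "alert-%d" % desc
    return "unexpected"


def probe(host, port=443, timeout=5):
    """Connect to host:port, send the SSLv3 ClientHello and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            return classify_response(s.recv(4096))
        except ConnectionResetError:
            return "closed"
```

A verdict of "sslv3-disabled" or "closed" is what you want to see; "sslv3-accepted" means the server still negotiates SSLv3 and should be reconfigured.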
This page was compiled by Michele Spagnuolo.