SSL 3.0 vulnerability discovered. Find out how to protect yourself

SSL 3.0 vulnerability discovered. Find out how to protect yourself

A security vulnerability in SSL 3.0 has been uncovered by Bodo Möller and two other Google employees that attackers can exploit to calculate the plaintext of secure connections.

SSL 3.0 is an old protocol and most Internet servers use the newer TLS 1.0, TLS 1.1 or TLS 1.2 protocols instead. Client and server usually agree to use the latest protocol version during connections during protocol handshake but since TLS is backwards compatible with SSL 3.0, it can happen that SSL 3.0 is being used instead.

During the first handshake attempt the highest supported protocol version is offered but if this handshake fails, earlier protocol versions are offered instead.

An attacker controlling the network between the client and server could interfere with the handshake attempt so that SSL 3.0 is used instead of TLS.

Details about the attack are available in the security advisory "This POODLE Bites: Exploiting The SSL 3.0 Fallback" which you can download with a click on this link.

Protection against the attack

Since SSL 3.0 is being used by the attacker, disabling SSL 3.0 will block the attack completely. There is one problem however: if the server or client support only SSL 3.0 and not TLS, then it is no longer possible to establish a connection.

You can run SSL Tests on domain names to find out which versions of SSL and TLS they support.

ssl-test

To protect your web browser do the following:

Chrome: Google Chrome and Chromium-based browsers don't list a preference that you can change to edit the minimum and maximum protocol versions that you want the browser to use.  You can launch the browser with the parameter --ssl-version-min=tls1 to enforce usage of TLS1 or higher protocols only.

chrome-ssl3.0

Firefox: Open the about:config page and confirm that you will be careful if this is the first time you open it. Search for security.tls.version.min, double-click it and set its value to 1. This makes TLS 1.0 the minimum required protocol version.

firefox security ssl 30

Internet Explorer: Open the Internet Options with a click on the menu button and the selection of Internet Options from the menu. Switch to Advanced there and scroll down until you find Use SSL 2.0 and Use SSL 3.0 listed there (near the bottom). Uncheck the two options and click ok to apply the change.

internet explorer ssl3.0

Mozilla will remove SSL 3.0 in Firefox 34, the next stable version of the web browser that will be released in six weeks. Google plans to remove SSL 3.0 support in Chrome as well in the next months.

Windows: If you want to disable SSL 3.0 in Windows, you can do so in the Windows Registry.

  1. Tap on Windows-r, type regedit and hit enter.
  2. Confirm the UAC prompt it if appears.
  3. Navigate to the key: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
  4. If the path does not exist create it with a right-click on the last key that exists and select New > Key from the context menu.
  5. Right-click on Server afterwards and select New > Dword (32-bit value).
  6. Name it Enabled.
  7. Double-click it afterwards and set it to 0.
  8. Navigate to the key: HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
  9. If the path does not exist create it using the method above.
  10. Right-click on Client and select New > Dword (32-bit value).
  11. Name it Enabled.
  12. Double-click it and change its value to 0.
  13. Restart the PC.

More information available on this help page.

Summary
SSL 3.0 vulnerability discovered. Find out how to protect yourself
Article Name
SSL 3.0 vulnerability discovered. Find out how to protect yourself
Description
How to disable SSL 3.0 in your web browser of choice to protect yourself against a recently discovered SSL 3.0 vulnerability.
Author
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. chesscanoe said on October 15, 2014 at 4:02 pm
    Reply

    An alternative to your valid Firefox solution is to install a plugin.
    https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

    1. Martin Brinkmann said on October 15, 2014 at 4:19 pm
      Reply

      Sure that is an option but I don’t think it does anything besides changing the parameter itself.

      1. Ray Redbad said on October 16, 2014 at 12:16 am
        Reply

        You are correct. But it’s perfect to recommend to mainstream users. Like my cousin Billy Bob. As well, for the rest of us, it’s easy to temporarily revert if absolutely necessary simply by hitting the Disable button in Add-Ons Extensions. And even easier to walk Billy Bob through when he calls and says he can’t open his online hunting game.

  2. Seban said on October 15, 2014 at 4:04 pm
    Reply

    Thanks, Martin

    In addition I found this:
    Thunderbird (and Seamonkey) have the same key as Firefox (security.tls.version.min), change this to 1 as well.
    I don’t know if it is relevant if you don’t use the plugin but Java has options to disable SSL 3.0, too. Open Java Control Panel -> Advanced (I guess, I’m using a German version of Win 7) -> Scroll down and look for SSL 3.0 entry

    1. Martin Brinkmann said on October 15, 2014 at 4:19 pm
      Reply

      Good point, thanks for mentioning that!

  3. Tom Hawack said on October 15, 2014 at 4:43 pm
    Reply

    I discovered this new SSL 3 vulnerability this morning… “Oh what a beautiful morning, oh what a beautiful day […]”
    Great you pointing this out, Martin.

    Here I installed for Firefox a quick tiny add-on (SSL Version Control, https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/ ) which does the job and has the advantage of having a quick switch in its option board in case a site requires it (a site we are sure of, as it happened to me once this morning).

    But I had not considered Internet Explorer, barely used. Thanks to this article IE SSL 3.0 banished as well.

  4. Sam said on October 15, 2014 at 5:37 pm
    Reply

    How about android, What can i do?

  5. firefoxlover said on October 15, 2014 at 6:27 pm
    Reply

    Martin: thanks for the article. *security.tls.version.min*, double-click it and set its value to 1

    I did the above as per your instructions in Firefox and Pale Moon but forgot the default value. Therefore I ask you that you please let me know what the default value was.

    Thank you!

    1. Martin Brinkmann said on October 15, 2014 at 6:41 pm
      Reply

      You can right-click at all times and reset it to the default value (it is 0).

      1. firefoxlover said on October 15, 2014 at 9:05 pm
        Reply

        Thank you very much Martin. Normally I write down every change done in about:config but this time I forgot.

    2. Pants said on October 16, 2014 at 4:00 am
      Reply

      you can sort the column “Status” to find all your “user set” parameters (but it will of course show items from added from extensions), and as Martin says, you can right click and reset (to default) .. personally, the number of tweaks etc over the years, I no longer have any real idea of what I’ve done – just glad I’m using portable versions (of thunderbird, FF, chrome, opera etc etc etc)

      1. Martin Brinkmann said on October 16, 2014 at 7:22 am
        Reply

        You find all modified parameters (or the most important ones at the very least) on about:support.

  6. Zeus said on October 15, 2014 at 9:53 pm
    Reply

    Hey, here’s an idea for an article, Martin: Useful Chrome parameters. I bet there’s all sorts of interesting stuff you can do.

    1. Martin Brinkmann said on October 16, 2014 at 7:49 am
      Reply

      I think I did that some time ago. Here is the master list: http://peter.sh/experiments/chromium-command-line-switches/

      1. Zeus said on October 16, 2014 at 9:35 am
        Reply
  7. ilev said on October 16, 2014 at 6:46 am
    Reply

    Microsoft has issued a security advisory 3009008

    Vulnerability in SSL 3.0 Could Allow Information Disclosure :

    https://technet.microsoft.com/library/security/3009008

    1. Martin Brinkmann said on October 16, 2014 at 7:18 am
      Reply

      Thanks for the link!

  8. DrB said on October 17, 2014 at 8:21 am
    Reply

    Google is already using tls1.2 (as per their recommendation because of an issue with TLS 1.0 and 1.1,so if you are using Firefox ?the value you want to enter is 3 (for tls1.2)

    1. Hy said on October 23, 2014 at 4:41 pm
      Reply

      So for maximum security we should set both the security.tls.version min and max values to “3”? Martin, do you or does anyone else know for sure if this is correct? And I imagine that if this is done, sites using TLS 1.0 or 1.1 but not 1.2 will not work, right?

      1. Martin Brinkmann said on October 23, 2014 at 4:56 pm
        Reply

        Setting both to 3 may render some sites unusable. Setting min to 1 and max to 3 is fine. You can experiment with setting both to 3 to see if you run into any site that is not compatible with that.

  9. Tom Hawack said on October 17, 2014 at 10:08 am
    Reply

    Want to know if YOU (your browser, rather!) are vulnerable to SSL 3.0 vulnerability? -> https://www.poodletest.com/
    Want to know if a given URL is vulnerable to SSL 3.0 vulnerability? -> https://www.poodlescan.com/

    ilev’s link above to Microsoft’s security advisory leads to information reminding that protection against this SSL 3.0 (as well as all protections) concerns not only the browsers but the system in itself (see on Microsoft’s page above mentioned what to do on the Registry level) as we sometimes forget that far more applications than the browsers only access the Web from our computer.

    1. Seban said on October 17, 2014 at 9:46 pm
      Reply

      On my Windows 7 SP1 x64 is a key called
      HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\SSL 2.0\Client
      with the value DisabledByDefault=1

      Why is suggested to create a key called ‘SSL 3.0\Server’ but none like ‘SSL 3.0\Client’? Without any knowledge of networks it’d sound logical to me.

      1. Tom Hawack said on October 17, 2014 at 10:14 pm
        Reply

        Because SSL 2.0 is even older than SSL 3.0 and disabled by default I guess everywhere …
        I think that creating the SSL 3.0/Client key (if applicable) and setting its Enabled DWORD value to 0 as advised by Microsoft is the right thing to do. This is what I did, and I am far, very far from being a techie :)

        … Hope I didn’t goof!

      2. Hy said on October 23, 2014 at 4:47 pm
        Reply

        Is it also strongly advised to disable SSL 3.0 in Windows? Could someone spell out clearly step-by-step how to do this? Following the steps given in the Microsoft security advisory linked to above did not work. I don’t have “Add Value” on the Edit menu in my registry editor. Thanks

      3. Martin Brinkmann said on October 23, 2014 at 5:03 pm
        Reply

        1. Open the Registry Editor with a tap on Windows-r, typing regedit and hitting enter.
        2. Confirm UAC if it appears.
        3. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
        4. Right-click on protocols and select New > Key and name it SSL 3.0.
        5. Right-click on SSL 3.0 and select New > Key and name it Server.
        6. Right-click on Server and select New > Dword (32-bit Value).
        7. Name it Enabled.
        8. Restart Windows. SSL 3.0 should be disabled now.

      4. Tom Hawack said on October 23, 2014 at 5:23 pm
        Reply

        Martin,

        You wrote (Martin Brinkmann October 23, 2014 at 5:03 pm #)

        5. Right-click on SSL 3.0 and select New > Key and name it Server.

        Is it not rather Client?

      5. Martin Brinkmann said on October 23, 2014 at 5:33 pm
        Reply

        According to Microsoft’s instructions, no. https://technet.microsoft.com/library/security/3009008

      6. Tom Hawack said on October 23, 2014 at 5:53 pm
        Reply

        My fault, Martin – You are right, together with Microsoft,

        Indeed :
        5. Right-click on SSL 3.0 and select New > Key and name it Server.

        I shall have mistaken with the installed Registry key SSL 2.0 / Client right above.

        Good thing for me (only) that I pointed out a (non) mistake.
        Thanks for your extra-quick replly.

      7. Martin Brinkmann said on October 23, 2014 at 6:59 pm
        Reply

        You are welcome.

      8. Seban said on October 23, 2014 at 9:33 pm
        Reply

        @Tom Hawack: That was kind of my question ;)

        Why does Microsoft advise disabling SSL 3.0\Server, but not SSL 3.0\Client while there is already SSL 2.0\Client disabled?

      9. Tom Hawack said on October 23, 2014 at 9:58 pm
        Reply

        @Seban : indeed, and it is what appears to be a semantic confusion for some users as myself which comforted me to mistake on the basis of the Registry’s SSL 2.0 / Client key. If I knew the difference in the implications of a server compared to a client when it comes to a SSL Registry key i’d be fortunate to less mistake :)

        If a techie whose dream would have been to teach basics of computing to a few under-graduates, it’s now or never! … thanks :)

      10. Steve said on November 6, 2014 at 5:51 pm
        Reply

        Actually, if you check the Microsoft instructions again, there are two sections on disabling SSL 3.0: “For Server Software” and “For Client Software”. One uses the Sever key and one uses the Client key. (Perhaps they have updated the article since the above discussion).

        What I’m unsure of is whether disabling with this key should be causing browser checks for the vulnerability (https://zmap.io/sslv3/browsers.html) to fail. That site still says I’m vulnerable. Though I’m wondering if the check is based on whether the browser is advertising SSL 3.0, which would then fail if it actually tried to use it because the client is disabled.

      11. Klemm said on November 10, 2014 at 9:27 pm
        Reply

        I’m having the same situation as Steve. I’ve made the registry tweak, but Chrome is still failing the test at SSL labs. Like Steve said, is this to be expected? Is there another method to test that the machine is, in fact, *not* vulnerable?

      12. Martin Brinkmann said on November 10, 2014 at 10:02 pm
        Reply

        Is not the Registry only for Windows? For Chrome, you need to start it with a startup parameter as mentioned in the article.

  10. chesscanoe said on October 29, 2014 at 8:59 pm
    Reply

    There is a revision 2.0 today from Microsoft re SSL 3.0.
    https://technet.microsoft.com/library/security/3009008

    1. Tom Hawack said on October 29, 2014 at 9:56 pm
      Reply

      Thanks chesscanoe. That resumes to Client and Server sub-keys to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0 with DWORD Enabled set to 0.

      And reboot, once again (I just had to 10′ ago for an application install requirement!)

      Be happy.

    2. Seban said on November 3, 2014 at 3:36 am
      Reply

      Thanks

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.