
Re: SSLv3 fallback attack POODLE

From: Ray Satiro <raysatiro_at_yahoo.com>
Date: Wed, 15 Oct 2014 11:46:33 -0400

On 10/15/2014 2:58 AM, Ray Satiro wrote:
> I read today of a new method to decrypt SSL called POODLE. If you
> haven't read of it you should. It works by using SSL fallback behavior
> to get SSLv3 which can now be decrypted [1][2].

To be more correct on this, POODLE "allows a network attacker to extract
the plaintext of targeted parts of an SSL connection, usually cookie
data" [1].

The OpenSSL that was released today has TLS_FALLBACK_SCSV [2] that looks
to solve the fallback behavior if the server and client support it.
"OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol downgrade"
[3]. What about enabling this by default when it's available, something
like if(!conn->data->set.ssl_disable_scsv)
SSL_CTX_set_mode(connssl->ctx, SSL_MODE_SEND_FALLBACK_SCSV), and
something could be put in CURLOPT_SSL_OPTIONS to allow the user to disable
it like was done for BEAST, like CURLSSLOPT_ALLOW_DOWNGRADE_ATTACK would
set ssl_disable_scsv true.

1: https://www.imperialviolet.org/2014/10/14/poodle.html
2: https://www.openssl.org/~bodo/ssl-poodle.pdf
3: https://www.openssl.org/news/vulnerabilities.html#2014-3568

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-10-15
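The downgrade-protection mechanism this message proposes enabling, shown as an added model in Python (a constructed example, not code from curl or OpenSSL). It models three parties: a client that performs the "downgrade dance" (retrying with the next lower protocol version after a failed handshake), a server applying the TLS_FALLBACK_SCSV check as later standardised in RFC 7507, and an active attacker who blocks every handshake above SSLv3. No real TLS is spoken; version names, the `connect` and `server_handle` functions and the scenario names are assumptions made for this illustration. The scenarios also cover the caveat behind SSL_MODE_SEND_FALLBACK_SCSV: the signal belongs only on a fallback retry, and a client that sends it on an initial handshake to a server that supports a newer version is rejected with inappropriate_fallback.

```python
"""Model of TLS_FALLBACK_SCSV downgrade protection (constructed example, no real TLS)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Protocol versions ordered oldest to newest; index is used as the ordering rank.
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]
TLS_FALLBACK_SCSV = 0x5600  # signalling cipher suite value from RFC 7507


def _rank(version: str) -> int:
    return VERSIONS.index(version)


@dataclass
class ClientHello:
    version: str            # highest version the client offers in this attempt
    fallback_scsv: bool     # True when TLS_FALLBACK_SCSV is in the cipher list


@dataclass
class ServerResponse:
    ok: bool
    version: Optional[str] = None
    alert: Optional[str] = None


def server_handle(hello: ClientHello, server_max: str, supports_scsv: bool = True,
                  version_intolerant: bool = False) -> ServerResponse:
    """Server side of the handshake (model).

    version_intolerant models old servers that abort on a ClientHello newer than
    they understand; that quirk is why clients fall back at all. The SCSV check is
    RFC 7507 section 3: if the client signals fallback but offers a version lower
    than the server's best, refuse with inappropriate_fallback.
    """
    if version_intolerant and _rank(hello.version) > _rank(server_max):
        return ServerResponse(ok=False, alert="handshake_failure")
    if hello.fallback_scsv and supports_scsv and _rank(hello.version) < _rank(server_max):
        return ServerResponse(ok=False, alert="inappropriate_fallback")
    negotiated = hello.version if _rank(hello.version) <= _rank(server_max) else server_max
    return ServerResponse(ok=True, version=negotiated)


def connect(client_max: str, server_max: str, *, send_scsv: bool,
            attacker_blocks_above: Optional[str] = None, supports_scsv: bool = True,
            version_intolerant: bool = False,
            scsv_on_initial: bool = False) -> Tuple[Optional[str], List[str]]:
    """Client with downgrade dance. Returns (negotiated version or None, transcript).

    attacker_blocks_above: an active attacker silently drops any handshake whose
    offered version is above this (None means no attacker on the path).
    scsv_on_initial: deliberately wrong behaviour, sending SCSV on the first try.
    """
    transcript: List[str] = []
    retry = False
    for version in reversed(VERSIONS[: _rank(client_max) + 1]):
        hello = ClientHello(version, fallback_scsv=send_scsv and (retry or scsv_on_initial))
        transcript.append(f"C->S ClientHello {version}"
                          + (" +TLS_FALLBACK_SCSV" if hello.fallback_scsv else ""))
        if attacker_blocks_above is not None and _rank(version) > _rank(attacker_blocks_above):
            transcript.append("   (no reply: handshake blocked by the attacker)")
            retry = True
            continue
        resp = server_handle(hello, server_max, supports_scsv, version_intolerant)
        if resp.ok:
            transcript.append(f"S->C ServerHello {resp.version}")
            return resp.version, transcript
        transcript.append(f"S->C alert {resp.alert}")
        if resp.alert == "inappropriate_fallback":
            return None, transcript   # a compliant client stops here instead of going lower
        retry = True
    return None, transcript


def run_scenarios() -> dict:
    """Outcomes for the situations discussed in the message (constructed inputs)."""
    return {
        # Healthy path: nobody interferes, best common version is used.
        "no_attacker": connect("TLSv1.2", "TLSv1.2", send_scsv=True)[0],
        # POODLE setup without SCSV: attacker forces the dance all the way to SSLv3.
        "poodle_no_scsv": connect("TLSv1.2", "TLSv1.2", send_scsv=False,
                                  attacker_blocks_above="SSLv3")[0],
        # Same attacker, client signals SCSV: server refuses the forced downgrade.
        "poodle_with_scsv": connect("TLSv1.2", "TLSv1.2", send_scsv=True,
                                    attacker_blocks_above="SSLv3")[0],
        # Legitimately old (version-intolerant) server: SCSV does not break fallback.
        "old_server_scsv": connect("TLSv1.2", "TLSv1.0", send_scsv=True,
                                   version_intolerant=True)[0],
        # Misuse: SCSV on the initial handshake of a client capped at TLSv1.0.
        "scsv_misused_on_initial": connect("TLSv1.0", "TLSv1.2", send_scsv=True,
                                           scsv_on_initial=True)[0],
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:24s} -> {outcome}")
    for line in connect("TLSv1.2", "TLSv1.2", send_scsv=True, attacker_blocks_above="SSLv3")[1]:
        print(line)
```

The model shows why the signal and the retry logic have to be wired together: the server's check only rejects a handshake that carries the SCSV with a version below its own maximum, so a client that cannot fall back gains nothing from sending it, and one that sends it unconditionally locks itself out of servers newer than itself.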