Security/Server Side TLS: Difference between revisions

Line 770: Line 770:
* DHE-DSS-AES256-SHA
* DHE-DSS-AES256-SHA


== Attacks on TLS ==
== Attacks on SSL and TLS ==
=== BEAST CVE-2011-3389 ===
=== BEAST CVE-2011-3389 ===
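Review bot: renaming the heading from "Attacks on TLS" to "Attacks on SSL and TLS" changes the section anchor, so any existing links to the old heading (internal wiki links and external references) will stop resolving; either keep an anchor for the old title or update the inbound links in the same edit. The broader title is otherwise appropriate, since the section is about to cover an SSLv3-only attack.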


Line 810: Line 810:


more: http://breachattack.com/
more: http://breachattack.com/
=== POODLE [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 CVE-2014-3566] ===
POODLE is an attack on the padding used by SSLv3. It is a significant improvement of the BEAST attack which led the cryptography community to recommend disabling SSLv3 globally.
<blockquote>
''If you can arrange the message to be the correct length then the last block is 15 arbitrary bytes and the padding length (15). Then you arrange an interesting byte to be in the last position of a different block and duplicate that block to the end. If the record is accepted, then you know what the last byte contained because it decrypted to 15.''
''Thus the attacker needs to be able to control some of the plaintext in order to align things in the messages and needs to be able to burn lots of connections (256 per byte, roughly). Thus a secret needs to be repeated in connection after connection (i.e. a cookie).''
source: Adam Langley in https://bugzilla.mozilla.org/show_bug.cgi?id=1076983#c29
</blockquote>
Daniel Stenberg (Mozilla, cUrl) has a good description of the exploitability of POODLE in http://daniel.haxx.se/blog/2014/10/17/curl-is-no-poodle/
Our guidelines maintain support for SSLv3 in the Old configuration only. This is required for clients on Windows XP service pack 1 & 2 that do not have support for TLSv1.0. Internet Explorer and Chrome on those platforms are impacted. Mozilla wants to be reachable from very old clients, to allow them to download a better browser. Therefore, we maintain SSLv3 compatibility on a limited number of sites. But all sites that do not need that level of compatibility are encouraged to implement the Intermediate configuration


== SPDY ==
== SPDY ==
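Review bot: the new POODLE paragraph ends without a period ("... implement the Intermediate configuration") and its heading links the CVE to NVD while the BEAST heading directly above uses a bare CVE id; pick one style for the whole Attacks section. Two wording points in the same hunk: "a significant improvement of the BEAST attack" undersells what the quoted text describes, namely a padding-oracle attack on SSLv3 CBC records that reuses BEAST's preconditions (attacker-controlled plaintext and a secret repeated across connections, roughly 256 connections per recovered byte), so stating it that way would be more precise; and "cUrl" should be written "curl". The justification for keeping SSLv3 in the Old configuration (Windows XP SP1/SP2 clients without TLSv1.0) is useful context and should stay.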