SSLV3.0需要停用之原因

一般伺服器在進行https通訊協定的溝通時,會有提供自動調整通訊協定的功能,通常會以最高版本的通訊協定為優先,如TLS1.2,一旦發現哪一方不是相同的通訊協定,則會一直交握(handshack)直到找到雙方都有的協定為止,而這樣的調整,除了server與client之間的協定自動啟動外,也可以由存在網路中的駭客主動發起此類的協定調整,達成入侵目的

這樣就類似駭客可以決定哪一種通訊協定,因此要讓server與client的協定調整為SSLV3.0是很容易的,而SSLV3.0不論是用RC4的串流加密或者CBC的區塊加密,目前已經知道是不安全的加密方式,容易被駭客攻擊,因此SSLV3.0是存在漏洞的通訊協定的

此SSL3.0的弱點可以通過中間人攻擊解密“安全”的HTTP cookies，使用技術先發動BEAST攻擊然後再發動的獅子狗(POODLE)攻擊,那要如何解決這樣的問題呢?

第一種最安全的方式是讓server與client完全禁用SSLV3.0的通訊協定,這樣是可以完全消除此疑慮,但是要禁用牽涉到很多環境與程式的問題,因此有很多系統是無法禁用的,那該如何呢?

第二種就是讓瀏覽器支援TLS_FALLBACK_SCSV 機制,這機制就是在交握的時候,拒絕降級通訊協定的攻擊界接(TLS1.2，TLS嘗試下一個1.1，那麼TLS1.0，然後SSL3.0),使用TLS_FALLBACK_SCSV將確保SSL 3.0攻擊者可以不再強制降級的協議.

也鑒於如此的漏洞,又加上GOOGLE的工程師發現POODLE的攻擊,GOOGLE CHROME瀏覽器,已經宣布未來幾個月內將完全不支援SSLV3.0,您可能認為這件事情跟我們沒太大關係,可是對於系統開發商以及一般需要與瀏覽器界接的開發者,這可是很重要的改變,所以不得採取對策因應此事!

對於我們使用者而言,盡量使用最新版本的瀏覽器,或者將您的瀏覽器支援的通訊協定設定,調整不支援SSLV3.0,也可避免此問題的發生!如果您想知道您的網站是否有開啟SSLV3,可使用本網站提供的工具測試安全性測試網頁

以下是chrome 將停用SSLV3.0的說明,可參考看看!
Posted: Tuesday, October 14, 2014

This POODLE bites: exploiting the SSL 3.0 fallback

Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz (also Googlers).

SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue.

Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks.

Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly.

In the coming months, we hope to remove support for SSL 3.0 completely from our client products.

Thank you to all the people who helped review and discuss responses to this issue.

Posted by Bodo Möller, Google Security Team

這邊有一篇GOOGLE介紹POODLE的文章,也可參考看看:

ssl-poodle: