Today we’re writing about a vulnerability in the antiquated and obsolete SSL 3.0 protocol. In most deployments SSL 3.0 has long been superseded by TLS 1.0, TLS 1.1 and TLS 1.2, but many servers and clients still keep it enabled for backwards compatibility, so that connections to very old peers do not fail. Unfortunately, SSL 3.0 is insecure by design, and an attacker positioned between a browser and a server can exploit that to recover secrets such as authentication cookies and headers from the encrypted traffic unless SSL 3.0 is removed, as we’ll outline below.
SSL 3.0 is still available as a fall-back for failed TLS handshakes: when a TLS connection attempt fails, most browsers silently retry with an older protocol version, eventually SSL 3.0. The problem is that an attacker on the network path can deliberately break the TLS handshakes so that the browser falls back to SSL 3.0, and then exploit a weakness in how SSL 3.0 pads CBC-mode ciphertexts: by making the victim’s browser send many requests that carry the same secret, the attacker can recover that secret one byte at a time. The secret can be an authentication cookie, a header or a token. For this reason SSL 3.0 should be disabled completely.
Unlike older attacks on SSL such as Lucky 13 and BEAST, which could be mitigated inside the implementation, this vulnerability has no workaround: the flaw is in the SSL 3.0 protocol itself, so the only real fix is to disable SSL v3 on all of your machines and web servers immediately.
If you run a server that must keep SSL 3.0 enabled for legacy clients, there is a mechanism that limits an attacker’s ability to force a fall-back to SSL 3.0: TLS_FALLBACK_SCSV. A client that supports it includes this signalling cipher suite value whenever it retries a handshake at a lower protocol version, and a server that supports it then rejects the connection if it could have negotiated a higher version, which defeats the forced downgrade. It only helps when both the client and the server implement it, so it reduces the exposure rather than removing it. If you have an application that uses SSL 3.0 on both sides, you should immediately re-evaluate your application or setup and move it to TLS.
Keep in mind that simply not using SSL 3.0 yourself isn’t enough to keep your machines safe. One of the biggest aspects of the vulnerability is that attackers can force a protocol fall-back to SSL 3.0 against any web server that still offers it, even when both the browser and the server would normally negotiate TLS. That downgrade is what exposes the weak SSL 3.0 CBC padding and leads to the information leaks described above. Therefore, it’s crucial at this time to immediately disable SSL 3.0 in any web servers or applications you have.
How to test whether your web server is vulnerable and still offers SSL 3.0, from a terminal on Linux or OS X:
vr-noc:~ vr-kris$ openssl s_client -connect www.mywebsite.com:443 -ssl3
Replace www.mywebsite.com with your actual domain and hit enter. This tells openssl to connect to your SSL-protected website while forcing the SSL v3 protocol (that is what the -ssl3 flag does).
If you receive a certificate from the server, with messages resembling the snippet below, SSL 3.0 is still available and should be disabled as soon as possible:
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
If instead you receive an error such as the one below, the server refused the SSL 3.0 handshake: you are NOT vulnerable, and SSL 3.0 isn’t available:
CONNECTED(00000003)
948:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52/src/ssl/s3_pkt.c:1125:SSL alert number 40
948:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52/src/ssl/s3_pkt.c:546
Note that an error reading unknown option -ssl3 means something different: your local OpenSSL was built without SSL 3.0 support and cannot perform this test at all. In that case use a build that still has SSL 3.0 enabled, or another scanner, before drawing any conclusion about the server.
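To run this check against more than one host, and to avoid misreading the transcript, here is a small shell script added as an example; it is not part of the original post. It wraps the same openssl s_client command shown above and classifies the result from the output. The embedded sample transcripts are constructed for offline testing, and the script assumes your local openssl still accepts -ssl3; builds without SSL 3.0 support are reported as inconclusive rather than as a clean result.

```shell
#!/bin/sh
# Added example, not code from the original post: probe one or more servers
# for SSL 3.0 with openssl s_client and classify the result from the
# transcript, so a whole fleet can be checked in a loop instead of by eye.
# Assumption: the local openssl binary still accepts -ssl3. Builds compiled
# without SSLv3 support print "unknown option -ssl3", which is reported as
# inconclusive so that it is never mistaken for "not vulnerable".

# Constructed sample transcripts, abridged to the lines that matter, so the
# classifier can be exercised without network access.
SAMPLE_VULNERABLE='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA'

SAMPLE_REFUSED='CONNECTED(00000003)
948:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1125:SSL alert number 40'

SAMPLE_NO_SSLV3_CLIENT='unknown option -ssl3
usage: s_client args'

# classify_sslv3_output TRANSCRIPT
# Prints one word:
#   vulnerable    the server completed an SSL 3.0 handshake
#   not-offered   the server refused SSL 3.0 with a handshake or version alert
#   inconclusive  the local openssl cannot speak SSL 3.0, or no handshake
#                 happened at all (connection refused, timeout, typo in host)
classify_sslv3_output() {
    case "$1" in
        *"unknown option"*)                          echo inconclusive ;;
        *"Protocol"*": SSLv3"*)                      echo vulnerable ;;
        *"handshake failure"*|*"protocol version"*)  echo not-offered ;;
        *)                                           echo inconclusive ;;
    esac
}

# probe_sslv3 HOST [PORT]
# Runs the same command the post describes and classifies its output.
# stdin is redirected from /dev/null so s_client exits right after the
# handshake instead of waiting for an HTTP request to be typed.
probe_sslv3() {
    host="$1"
    port="${2:-443}"
    out=$(openssl s_client -connect "$host:$port" -ssl3 </dev/null 2>&1)
    classify_sslv3_output "$out"
}

# Usage: sh check_sslv3.sh www.example.com mail.example.com:993
# Each argument is HOST or HOST:PORT; the port defaults to 443.
for target in "$@"; do
    case "$target" in
        *:*) host="${target%:*}"; port="${target##*:}" ;;
        *)   host="$target";      port=443 ;;
    esac
    printf '%s:%s\t%s\n' "$host" "$port" "$(probe_sslv3 "$host" "$port")"
done
```

Run it once before and once after disabling SSL 3.0 on each server; every line should move from vulnerable to not-offered. Anything reported as inconclusive is a problem with the test environment (most often an openssl built without SSL 3.0, or a host that could not be reached), not a result about the server, and needs a second look with a different client.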