On 10/15/2014 2:58 AM, Ray Satiro wrote:
I read today of a new method to decrypt SSL called POODLE. If you haven't read of it, you should. It works by using SSL fallback behavior to get SSLv3, which can now be decrypted [1][2].
To be more correct on this, POODLE "allows a network attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data" [1].
The OpenSSL that was released today has TLS_FALLBACK_SCSV [2], which looks to solve the fallback behavior if the server and client support it. "OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade" [3]. What about enabling this by default when it's available, something like if(!conn->data->set.ssl_disable_scsv) SSL_CTX_set_mode(connssl->ctx, SSL_MODE_SEND_FALLBACK_SCSV), and something could be put in CURLOPT_SSL_OPTIONS to allow the user to disable it, as was done for BEAST; for example, CURLSSLOPT_ALLOW_DOWNGRADE_ATTACK would set ssl_disable_scsv to true.
1: https://www.imperialviolet.org/2014/10/14/poodle.html
2: https://www.openssl.org/~bodo/ssl-poodle.pdf
3: https://www.openssl.org/news/vulnerabilities.html#2014-3568
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
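The downgrade and the SCSV check discussed in the message above, as an added example that is not part of the original post and not curl's or OpenSSL's code: a small C simulation of the client "fallback dance" (TLS 1.2, then 1.1, 1.0, SSLv3 after each failed attempt), an active attacker that drops every ClientHello offering anything above SSLv3, and a server that honours TLS_FALLBACK_SCSV. The send_scsv flag stands in for the proposed user-facing option (whether the client sets the equivalent of SSL_MODE_SEND_FALLBACK_SCSV on its fallback attempts). The signaling cipher-suite value 0x5600 and the inappropriate_fallback alert code 86 are the values later standardized in RFC 7507; the two ordinary cipher-suite values and the message structs are constructed sample data, not real wire encoding.

```c
#include <stdbool.h>
#include <stdio.h>

/* Protocol versions as carried in the ClientHello (major.minor). */
enum { SSL3 = 0x0300, TLS1_0 = 0x0301, TLS1_1 = 0x0302, TLS1_2 = 0x0303 };

#define TLS_FALLBACK_SCSV            0x5600  /* signaling cipher suite, RFC 7507 */
#define ALERT_INAPPROPRIATE_FALLBACK 86      /* fatal alert sent by the server   */

struct client_hello {
    int version;               /* highest version offered on this attempt */
    unsigned short suites[4];  /* constructed sample: two real suites + optional SCSV */
    int nsuites;
};

struct server { int max_version; };

/* Server side: negotiate min(client, server) version, unless the hello carries
 * TLS_FALLBACK_SCSV while offering less than the server supports, in which
 * case the server knows this is a downgraded retry and aborts. Returns the
 * negotiated version, or the negative alert code on failure. */
static int server_handle(const struct server *s, const struct client_hello *h)
{
    bool scsv = false;
    for (int i = 0; i < h->nsuites; i++)
        if (h->suites[i] == TLS_FALLBACK_SCSV)
            scsv = true;
    if (scsv && h->version < s->max_version)
        return -ALERT_INAPPROPRIATE_FALLBACK;
    return h->version < s->max_version ? h->version : s->max_version;
}

/* The network: a MITM silently drops any ClientHello above SSLv3 so the
 * client's own fallback logic will eventually try SSLv3 (the POODLE setup). */
static bool mitm_drops(bool mitm, const struct client_hello *h)
{
    return mitm && h->version > SSL3;
}

/* Client side. Each attempt after the first is a fallback attempt; when
 * send_scsv is set, those attempts include TLS_FALLBACK_SCSV, which is what
 * SSL_MODE_SEND_FALLBACK_SCSV causes OpenSSL to do. Returns the negotiated
 * version, the negative alert code, or 0 if every attempt timed out. */
static int negotiate(int server_max, bool mitm, bool send_scsv)
{
    static const int order[] = { TLS1_2, TLS1_1, TLS1_0, SSL3 };
    struct server s = { server_max };
    for (int i = 0; i < 4; i++) {
        struct client_hello h = { order[i], { 0x002f, 0x0035 }, 2 };
        if (send_scsv && i > 0)                /* downgraded attempt: signal it */
            h.suites[h.nsuites++] = TLS_FALLBACK_SCSV;
        if (mitm_drops(mitm, &h))
            continue;                          /* "timeout": fall back one version */
        return server_handle(&s, &h);          /* success or fatal alert, no further retry */
    }
    return 0;
}

static void show(const char *label, int r)
{
    if (r > 0)      printf("%-40s negotiated 0x%04x\n", label, r);
    else if (r < 0) printf("%-40s aborted, alert %d (inappropriate_fallback)\n", label, -r);
    else            printf("%-40s no connection\n", label);
}

int main(void)
{
    show("TLS1.2 server, no attacker:",        negotiate(TLS1_2, false, true));
    show("TLS1.2 server, MITM, no SCSV:",      negotiate(TLS1_2, true,  false)); /* POODLE: lands on SSLv3 */
    show("TLS1.2 server, MITM, SCSV sent:",    negotiate(TLS1_2, true,  true));  /* server refuses */
    show("SSLv3-only server, MITM, SCSV sent:", negotiate(SSL3,  true,  true));  /* legitimate fallback still works */
    return 0;
}
```

The last scenario is why the SCSV is safe to send by default: a server that genuinely tops out at SSLv3 sees a fallback hello offering its own maximum and accepts it, while a server that supports TLS 1.2 knows the SSLv3 offer can only be the result of a failed higher attempt and refuses. Disabling the SCSV (send_scsv = false) reproduces the downgrade the message warns about.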
