On 10/16/2014 10:42 PM, Nou Dadoun wrote:
> A few short (simple) questions about the use of TLS_FALLBACK_SCSV since
> we’re currently upgrading to the latest openssl releases.
>
> We don’t establish sessions with any other products than our own clients
> and servers.
>
> We’ve already disabled the use of SSLv3 in both our client and server
> releases going forward, is there any advantage in also using
> TLS_FALLBACK_SCSV – i.e. will there be any benefit in connecting to our
> already deployed clients and servers?

No, there is no benefit from TLS_FALLBACK_SCSV in this context. It only
helps clients which bypass the TLS downgrade protection, clients which
explicitly disable newer protocol versions which contain the fixes for
vulnerabilities discovered in SSL 3.0.

> (I actually don’t think that we’re vulnerable to POODLE since we don’t
> use anything like encrypted cookies or repeated messages that could be
> used to exploit padding changes to “peel off” decoded chunks. Is there
> any other mechanism to exploit this that would make us vulnerable?)

You are not vulnerable because SSL 3.0 was fixed years ago, and
OpenSSL automatically applies the relevant protocol fixes (unless you
have told the library not to do this). For technical reasons, the
protocol version number had to be bumped (this is just the way you fix
broken protocols), and for non-technical reasons, we call these protocol
fixes TLS 1.0, 1.1, 1.2 instead of SSL 3.1, 3.2, 3.3.
--
Florian Weimer / Red Hat Product Security
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
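
Added example, not part of the original message and not OpenSSL code: a self-contained C model of the server-side check that RFC 7507 defines for TLS_FALLBACK_SCSV, next to the ordinary minimum-version check that applies once SSL 3.0 is disabled. The function name `negotiate`, the server version range and the sample cipher-suite bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Code points from RFC 7507 and the TLS alert registry. */
#define TLS_FALLBACK_SCSV            0x5600
#define ALERT_DECODE_ERROR           50
#define ALERT_PROTOCOL_VERSION       70
#define ALERT_INAPPROPRIATE_FALLBACK 86
#define SSL3_0 0x0300
#define TLS1_0 0x0301
#define TLS1_2 0x0303

/* Model of a server's version decision for one ClientHello (hypothetical helper).
 * suites/len: raw cipher_suites vector (2 bytes per suite, big-endian).
 * Returns the negotiated version, or the negated alert number to send. */
int negotiate(uint16_t client_version, const uint8_t *suites, size_t len,
              uint16_t server_min, uint16_t server_max)
{
    if (len == 0 || len % 2 != 0)
        return -ALERT_DECODE_ERROR;
    for (size_t i = 0; i < len; i += 2) {
        uint16_t suite = (uint16_t)((suites[i] << 8) | suites[i + 1]);
        /* RFC 7507: the SCSV marks a retry; refuse it if we could do better. */
        if (suite == TLS_FALLBACK_SCSV && client_version < server_max)
            return -ALERT_INAPPROPRIATE_FALLBACK;
    }
    /* Independent of the SCSV: versions the server has disabled are refused. */
    if (client_version < server_min)
        return -ALERT_PROTOCOL_VERSION;
    return client_version < server_max ? client_version : server_max;
}

/* Constructed sample cipher_suites vectors (not captured traffic). */
static const uint8_t plain_hello[] = { 0xC0, 0x2F, 0x00, 0x9C };
static const uint8_t retry_hello[] = { 0xC0, 0x2F, 0x56, 0x00 };

int main(void)
{
    /* Server with SSL 3.0 disabled: accepts TLS 1.0 through TLS 1.2. */
    printf("first attempt at TLS 1.2:  %d\n", negotiate(TLS1_2, plain_hello, 4, TLS1_0, TLS1_2));
    printf("marked retry at TLS 1.0:   %d\n", negotiate(TLS1_0, retry_hello, 4, TLS1_0, TLS1_2));
    printf("unmarked hello at TLS 1.0: %d\n", negotiate(TLS1_0, plain_hello, 4, TLS1_0, TLS1_2));
    printf("SSL 3.0 hello:             %d\n", negotiate(SSL3_0, plain_hello, 4, TLS1_0, TLS1_2));
    return 0;
}
```

A client that always offers its highest version and never retries lower never sends the SCSV, so in this model only the `server_min` check ever applies to it.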