A vulnerability in the SSLv3 protocol was disclosed. This vulnerability, known as POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker positioned as a man-in-the-middle to recover plaintext from data encrypted with this version of the protocol.
Although SSLv3 is an older, largely obsolete version of the protocol, many pieces of software still fall back to SSLv3 when better options are not available. More importantly, an attacker can force an SSLv3 connection whenever both participants still offer it as an alternative.
How to test for the POODLE vulnerability
$ openssl s_client -connect google.com:443 -ssl3
If the handshake fails, the server does not support SSLv3 and is not affected by this vulnerability. If the handshake succeeds, SSLv3 support must be disabled.
The POODLE vulnerability exists because the SSLv3 protocol does not adequately check the padding bytes that accompany encrypted messages.
Because the receiving party cannot verify these bytes, an attacker can replace them and pass the modified record on to the intended destination; done in a specific way, the modified payload is accepted by the recipient without complaint.
POODLE is not an implementation bug but an inherent flaw of the protocol itself. There is no workaround; the only reliable fix is to stop using SSLv3.
In nginx configuration, just after the "ssl on;" line, add the following to allow only TLS protocols:
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
Apache Web Server
Inside /etc/httpd/conf.d/ssl.conf or httpd.conf you can find the SSLProtocol directive. If this is not available, create it. Modify this to explicitly remove support for SSLv3:
SSLProtocol all -SSLv3 -SSLv2
HAProxy
To disable SSLv3 in an HAProxy load balancer, open haproxy.cfg and add the no-sslv3 keyword to the bind line of every SSL-enabled frontend:
sudo nano /etc/haproxy/haproxy.cfg
frontend name
    bind public_ip:443 ssl crt /path/to/certs no-sslv3
Postfix
In the Postfix configuration file /etc/postfix/main.cf, add:
smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
Dovecot
Edit /etc/dovecot/conf.d/10-ssl.conf and set:
sudo nano /etc/dovecot/conf.d/10-ssl.conf
ssl_protocols = !SSLv3 !SSLv2
Tomcat
Edit $TOMCAT_HOME/conf/server.xml and restrict the HTTPS connector to TLS only. The attribute name depends on the Tomcat version: Tomcat 5 and 6 use sslProtocols, Tomcat 7 and later use sslEnabledProtocols.
Tomcat 5 and 6:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" />
Tomcat >= 7:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" />
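As an added example (not code from the original article), a small Python audit that reads the directive forms shown above for nginx, Apache, Postfix, Dovecot and HAProxy and reports lines where SSLv3 is still negotiable. The expansion of Apache's all keyword is an assumption, and a directive that is absent altogether is not modelled.

```python
"""Config audit for lingering SSLv3 support (added example, not the article's own code).
Each checker takes one directive line and returns True when SSLv3 is still negotiable."""
import re

# Assumption: what a bare "all" keyword expands to in Apache's SSLProtocol.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}

def nginx_sslv3_enabled(line: str) -> bool:
    """ssl_protocols TLSv1.2 TLSv1.1 TLSv1;  -> explicit allow-list."""
    return "SSLv3" in line.strip().rstrip(";").split()[1:]

def apache_sslv3_enabled(line: str) -> bool:
    """SSLProtocol all -SSLv3 -SSLv2  -> 'all' plus +/- adjustments, applied in order."""
    enabled = set()
    for tok in line.split()[1:]:
        name = tok.lstrip("+-")
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return "SSLv3" in enabled

def exclusion_list_sslv3_enabled(line: str) -> bool:
    """Postfix smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3 and Dovecot ssl_protocols = !SSLv3 !SSLv2
    share a '!name' exclusion syntax; without any '!' token the value is an allow-list instead."""
    value = line.split("=", 1)[1]
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    return "SSLv3" not in excluded if excluded else "SSLv3" in tokens

def haproxy_bind_sslv3_enabled(line: str) -> bool:
    """bind public_ip:443 ssl crt /path/to/certs no-sslv3  -> the keyword must be present."""
    tokens = line.split()
    return "ssl" in tokens and "no-sslv3" not in tokens

CHECKERS = {
    "nginx": (re.compile(r"^ssl_protocols\s"), nginx_sslv3_enabled),
    "apache": (re.compile(r"^SSLProtocol\s"), apache_sslv3_enabled),
    "postfix": (re.compile(r"^smtpd_tls_mandatory_protocols\s*="), exclusion_list_sslv3_enabled),
    "dovecot": (re.compile(r"^ssl_protocols\s*="), exclusion_list_sslv3_enabled),
    "haproxy": (re.compile(r"^bind\s"), haproxy_bind_sslv3_enabled),
}

def audit(kind: str, config_text: str) -> list:
    """Return (line_number, line) pairs where SSLv3 is still negotiable."""
    pattern, check = CHECKERS[kind]
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if pattern.match(line) and check(line):
            findings.append((number, line))
    return findings
```

An empty result only means the directives that are present are safe; confirm the directive exists at all, then re-run the openssl s_client check above against the live service.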