Updated On October 17, 2014 - 10:26am

Security Advisory - SSLv3 POODLE Vulnerability

Learn about the POODLE vulnerability affecting SSLv3

On Tuesday, October 14, details were released on what is being called the Poodle vulnerability. Poodle stands for Padding Oracle On Downgraded Legacy Encryption. The problem centers on the fact that, in order to work with legacy servers, most TLS clients will downgrade each time a secure connection handshake fails. Once an attacker can downgrade the connection to SSLv3, the attacker can take advantage of a flaw in the SSLv3 standard that allows a man-in-the-middle attacker to decrypt content being transferred over an SSLv3 connection.

Although SSLv3 is nearly 15 years old, and today almost all secure connections use TLS, most users are vulnerable because web browsers and servers will downgrade to SSLv3 if there are problems negotiating a TLS session. There is no patch to fix this vulnerability and the only solution is to disable SSLv3 as an accepted secure protocol on all servers and browsers. This is a vulnerability in the SSLv3 standard and not in any particular implementation and needs to be fixed on all servers and browsers.

We do not anticipate serious problems in disabling SSLv3 everywhere since it is almost never the only protocol accepted. Based on statistics from Alexa, which cover approximately 1 million servers from around the world, the following table shows the highest encryption level accepted, as a percentage of those 1 million servers:
 

Percentage of Servers    Highest Encryption Accepted
0.02%                    SSLv3
40.9%                    TLS 1.0
0.7%                     TLS 1.1
58.3%                    TLS 1.2


In other words, 99.9% of the servers accept some version of TLS and less than a tenth of a percent accept only SSLv3. It is because of these numbers that we do not anticipate any serious problems.


UCLA disabled SSLv3 on the UCLA Logon ID authentication servers Tuesday afternoon and we have had no reports of people having trouble logging in. Therefore, if someone can log in to their UCLA Logon ID, they should not see any additional problems at UCLA. Additionally, all IT Services servers are being patched by the end of the week.

For the current recommendations on how to disable SSLv3 on servers, please see https://poodle.io/servers.html.

But SSLv3 also needs to be disabled on everyone’s browsers. UCLA is disabling SSLv3 on every campus server, but if someone from our campus community connects to an external server that has not disabled SSLv3, and they have not disabled SSLv3 on their browser, then they are still susceptible to the Poodle vulnerability and their session could be compromised.
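The following Python sketch is an added illustration, not part of the original advisory. It models the fallback behaviour described above to show why SSLv3 has to be enabled on both ends for a forced downgrade to succeed; every function name is hypothetical and no real TLS handshake is performed.

```python
# Added illustration: toy model of the version-fallback "downgrade dance".
# All names are hypothetical; no real TLS handshake is performed.
VERSIONS = ["SSLv3", "TLS 1.0", "TLS 1.1", "TLS 1.2"]  # oldest to newest


def negotiate(client_max, client_enabled, server_enabled):
    """One handshake: highest version <= client_max enabled on both sides."""
    ceiling = VERSIONS.index(client_max)
    for version in reversed(VERSIONS[: ceiling + 1]):
        if version in client_enabled and version in server_enabled:
            return version
    return None  # no common version, handshake fails


def connect_with_fallback(client_enabled, server_enabled, interferer=None):
    """Client retries with a lower maximum version after each failed handshake.

    `interferer` models a man-in-the-middle: called with the offered maximum
    version, it returns True to make that handshake fail.
    """
    for client_max in reversed(VERSIONS):
        if client_max not in client_enabled:
            continue
        if interferer is not None and interferer(client_max):
            continue  # handshake broken in transit, client falls back
        result = negotiate(client_max, client_enabled, server_enabled)
        if result is not None:
            return result
    return None  # connection fails instead of being downgraded


def breaks_tls(offered):
    """Constructed worst case: every handshake above SSLv3 is made to fail."""
    return offered != "SSLv3"


def exposure_matrix():
    """Negotiated version for each SSLv3 on/off combination under interference."""
    states = {"on": set(VERSIONS), "off": set(VERSIONS) - {"SSLv3"}}
    return {
        (c, s): connect_with_fallback(states[c], states[s], breaks_tls)
        for c in states for s in states
    }


if __name__ == "__main__":
    for (client, server), version in exposure_matrix().items():
        print(f"client SSLv3 {client}, server SSLv3 {server}: {version}")
```

In this model a result of None means the connection fails outright instead of falling back to SSLv3, which is the outcome whenever either side has SSLv3 disabled.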

In order to check if a browser is vulnerable, go to http://poodletest.com/ with that browser. If you see a Poodle, that browser is vulnerable to the Poodle vulnerability and could be exploited if it went to a site that also accepts SSLv3.

When the vulnerability was first announced on Tuesday, Internet Explorer, Safari, Firefox, Chrome and Opera on both Windows and Mac OS X were vulnerable. All the browser manufacturers will eventually be turning off SSLv3, but in order to mitigate the current Poodle threat before the manufacturers issue their fixes, please see https://poodle.io/browsers.html for instructions on how to disable SSLv3. This site will also tell you if your browser is vulnerable to Poodle.

For additional information for both laymen and techies, please visit the IT Security website at https://www.itsecurity.ucla.edu/ and click the poodle.

References:

https://poodle.io/
https://poodletest.com/
http://blog.erratasec.com/2014/10/some-poodle-notes.html?m=1
https://technet.microsoft.com/en-us/library/security/3009008.aspx
http://threatpost.com/browser-vendors-move-to-disable-sslv3-in-wake-of-poodle-attack/108852
https://www.openssl.org/~bodo/ssl-poodle.pdf

Ross Bollens
Chief Information Security Officer
University of California, Los Angeles