Google has published details of a vulnerability in the design of SSL version 3.0. According to a Google blog post on the matter, the attack, referred to as POODLE (Padding Oracle On Downgraded Legacy Encryption), allows a network attacker to recover the plaintext of secure connections.
Although SSL 3.0 is nearly 15 years old at this point and has since been superseded by several versions of TLS, the vulnerability remains a concern because support for it is still widespread. Browsers retry failed connections with older protocol versions, including SSL 3.0, and since a network attacker can cause connection failures, they can force the use of SSL 3.0 and then exploit POODLE.
Googler Bodo Möller, who discovered the vulnerability along with Thai Duong and Krzysztof Kotowicz, notes that disabling SSL 3.0 support, or disabling CBC-mode ciphers when SSL 3.0 is used, is sufficient to mitigate the issue but causes a wealth of compatibility problems. The recommended response is therefore to support TLS_FALLBACK_SCSV.
This mechanism fixes the problem created by retrying failed connections and so prevents an attacker from forcing browsers to revert to SSL 3.0.
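The following is an added example, not code from the original article or from Google, Chrome or any TLS library. It models only the decision logic of TLS_FALLBACK_SCSV as specified in RFC 7507: a browser that retries with older protocol versions after a failed handshake marks every retry with the signalling cipher suite value 0x5600, and a server that understands the marker refuses the handshake with an inappropriate_fallback alert whenever it could have spoken a newer version than the retry offers. The retry order, the "version intolerant" server flag and the attacker who drops non-SSL 3.0 handshakes are constructed scenario assumptions, used here to show why the protection only works when both sides support it and why it does not break legitimate fallback to an old server.

```python
"""Toy model of TLS_FALLBACK_SCSV downgrade protection (RFC 7507).

Added example for the article, not code from Google, Chrome or OpenSSL.
Only the decision logic is modelled; message shapes are simplified.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Protocol versions as carried in a ClientHello (major, minor).
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
NAMES = {SSL3: "SSLv3", TLS10: "TLS1.0", TLS11: "TLS1.1", TLS12: "TLS1.2"}

TLS_FALLBACK_SCSV = 0x5600              # signalling suite value from RFC 7507
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F   # an ordinary CBC suite (what POODLE targets)


@dataclass
class ClientHello:
    client_version: int        # highest version this attempt offers
    cipher_suites: List[int]


@dataclass
class Server:
    max_version: int                   # newest version the server speaks
    understands_scsv: bool             # patched for RFC 7507 or not
    version_intolerant: bool = False   # assumed bug: aborts on versions it does not know

    def handle(self, hello: ClientHello) -> Tuple[str, Optional[int]]:
        """Return (status, negotiated_version) for one ClientHello."""
        if self.version_intolerant and hello.client_version > self.max_version:
            return "handshake_failure", None   # the bug that made browsers add fallback
        if (self.understands_scsv
                and TLS_FALLBACK_SCSV in hello.cipher_suites
                and hello.client_version < self.max_version):
            # The client says this is a retry at a lower version, yet we could have
            # spoken something newer: the earlier failure was not ours, so refuse.
            return "inappropriate_fallback", None
        return "ok", min(hello.client_version, self.max_version)


# A network is a predicate: True means the ClientHello never reaches the server.
Network = Callable[[ClientHello], bool]

def clean_network(hello: ClientHello) -> bool:
    return False

def downgrade_attacker(hello: ClientHello) -> bool:
    """Constructed scenario: an active attacker drops every non-SSL 3.0 handshake."""
    return hello.client_version > SSL3


def browser_connect(server: Server, network: Network, send_scsv: bool):
    """Model the browser fallback dance: try each version, newest first.

    Returns (outcome, negotiated_version, attempt_log).
    """
    log = []
    for attempt, version in enumerate([TLS12, TLS11, TLS10, SSL3]):
        suites = [TLS_RSA_WITH_AES_128_CBC_SHA]
        if send_scsv and attempt > 0:
            suites.append(TLS_FALLBACK_SCSV)   # mark every retry as a fallback
        hello = ClientHello(version, suites)
        if network(hello):
            log.append(f"{NAMES[version]}: no response")
            continue
        status, negotiated = server.handle(hello)
        log.append(f"{NAMES[version]}: {status}")
        if status == "ok":
            return "connected", negotiated, log
        if status == "inappropriate_fallback":
            return "refused", None, log        # RFC 7507: do not retry any lower
    return "failed", None, log


def scenarios():
    """Outcomes (outcome, negotiated_version) for the situations the article describes."""
    modern = Server(TLS12, understands_scsv=True)
    unpatched = Server(TLS12, understands_scsv=False)
    old_intolerant = Server(TLS10, understands_scsv=True, version_intolerant=True)
    return {
        "no attack, no scsv": browser_connect(modern, clean_network, False)[:2],
        "attack, no scsv": browser_connect(modern, downgrade_attacker, False)[:2],
        "attack, scsv both sides": browser_connect(modern, downgrade_attacker, True)[:2],
        "attack, scsv client only": browser_connect(unpatched, downgrade_attacker, True)[:2],
        "legit fallback to old server": browser_connect(old_intolerant, clean_network, True)[:2],
    }


if __name__ == "__main__":
    for name, (outcome, version) in scenarios().items():
        print(f"{name:30s} -> {outcome} {NAMES.get(version, '')}")
```

Run as a script, the model shows the point of the recommendation: without the marker an attacker who drops handshakes walks the browser down to SSL 3.0 (where POODLE applies); with the marker understood on both sides the connection is refused instead of downgraded; with the marker sent but a server that ignores it, the downgrade still succeeds, which is why servers as well as browsers need to deploy it; and a genuinely old, version-intolerant server still gets its normal fallback connection because the retry arrives at the best version that server speaks.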
Möller added that Chrome and Google's servers have supported TLS_FALLBACK_SCSV since February, which shows it can be used without compatibility issues. Google will also begin testing Chrome with changes that disable the fallback to SSL 3.0.
While not as serious or far-reaching as Heartbleed, there is still legitimate reason to be concerned.