Date: Wed, 15 Oct 2014 09:20:18 +0200
From: Hanno Böck <>
Subject: Re: SSL POODLE

Am Wed, 15 Oct 2014 09:10:24 +0200
schrieb Florian Weimer <>:

> As far as I can tell, the TLS downgrade protection mechanism
> works. However, browsers have an out-of-protocol, unprotected
> downgrade mechanism to SSL 3.0.  (The Firefox function is called
> “retryDueToTLSIntolerance”.)  I think we would be better off
> disabling *that* mechanism (for which configuration knob seems to
> exist, alas), instead of disabling SSL 3.0 or adding a different
> protocol version probing mechanism.
I've argued for that since... 2008!

Basically that's one of the scary parts of this:
1. We have an in-protocol downgrade mechanism
2. People develop broken SSL implementations that don't work with that
3. Browsers have a non-protocol workaround that allows out-of-protocol
4. These downgrades cause compatibility issues
5. People put more duct tape around this workaround (that's not part of
the protocol) by inventing a new protocol (SCSV) that adds more
complexity to TLS
6. These downgrades cause security issues (NOT the first time!
One of the Blackhat Virtual Host Confusion attacks also relied on these

Basically I'd group POODLE together with BERserk as the "we could've
avoided it"-vulnerabilities in SSL/TLS.

Hanno Böck
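The fallback dance described above (in-protocol negotiation, the browser's out-of-protocol retry, and the SCSV bolted on afterwards) modelled as an added Python example; this is not code from the thread, and the Server class, connect() function and drop_attempt hook are constructed for illustration:

```python
# Toy model of TLS version negotiation plus the browser fallback retry and
# the TLS_FALLBACK_SCSV signal (RFC 7507). Constructed for illustration;
# no real TLS records are built or parsed.

SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600          # signalling suite value from RFC 7507
AES128_SHA = 0x002F                 # real suite id, used only as filler

class Server:
    def __init__(self, max_version, intolerant=False, honours_scsv=False):
        self.max_version = max_version
        self.intolerant = intolerant        # drops ClientHellos above its max
        self.honours_scsv = honours_scsv    # implements the RFC 7507 check

    def client_hello(self, client_max, suites):
        if self.intolerant and client_max > self.max_version:
            return ("dropped", None)        # the bug that made browsers retry
        # RFC 7507: a marked fallback below what we support is refused
        if (self.honours_scsv and TLS_FALLBACK_SCSV in suites
                and client_max < self.max_version):
            return ("alert", "inappropriate_fallback")
        # in-protocol negotiation: highest version both sides support
        return ("server_hello", min(self.max_version, client_max))

def connect(server, versions, send_scsv, drop_attempt=lambda i, v: False):
    """Browser-style fallback: try each version in turn and retry one step
    lower whenever the attempt fails. drop_attempt models a broken
    middlebox or an active attacker killing the connection. Returns the
    negotiated version, or None if the server refused the handshake."""
    for attempt, version in enumerate(versions):
        suites = [AES128_SHA]
        if send_scsv and attempt > 0:       # mark every retry as a fallback
            suites.append(TLS_FALLBACK_SCSV)
        if drop_attempt(attempt, version):
            continue
        kind, value = server.client_hello(version, suites)
        if kind == "dropped":
            continue
        if kind == "alert":
            return None                     # refused, no silent downgrade
        return value
    return None

DANCE = [TLS12, TLS11, TLS10, SSL3]
kill_above_ssl3 = lambda i, v: v > SSL3     # every non-SSL3 attempt fails

if __name__ == "__main__":
    print(connect(Server(TLS12), DANCE, False) == TLS12)                    # True
    print(connect(Server(TLS12), DANCE, False, kill_above_ssl3) == SSL3)    # True: downgraded
    print(connect(Server(TLS12, honours_scsv=True), DANCE, True, kill_above_ssl3))  # None
    print(connect(Server(TLS10, intolerant=True), DANCE, True) == TLS10)    # True: legacy still works
```

The third call shows the SCSV check refusing the marked fallback, while the fourth shows that a version-intolerant legacy server is still reachable because the client never offers less than that server actually supports.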