{"id":1850,"date":"2014-10-14T16:15:42","date_gmt":"2014-10-14T23:15:42","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=1850"},"modified":"2016-09-30T02:50:12","modified_gmt":"2016-09-30T09:50:12","slug":"the-poodle-attack-and-the-end-of-ssl-3-0","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/","title":{"rendered":"The POODLE Attack and the End of SSL 3.0"},"content":{"rendered":"<p><strong>Summary<\/strong><\/p>\n<p>SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users\u2019 private information.<\/p>\n<p>We have a plan to turn off SSLv3 in Firefox. This plan was developed with other browser vendors after a team at Google discovered a <a href=\"http:\/\/googleonlinesecurity.blogspot.co.uk\/2014\/10\/this-poodle-bites-exploiting-ssl-30.html\">critical flaw in SSLv3<\/a>, which can allow an attacker to extract secret information from inside of an encrypted transaction. SSLv3 is an old version of the security system that underlies secure Web transactions and is known as the \u201cSecure Sockets Layer\u201d (SSL) or \u201cTransport Layer Security\u201d (TLS).<\/p>\n<p><strong>Issue<\/strong><\/p>\n<p>In late September, a team at Google discovered a <a href=\"https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf\">serious vulnerability in SSL 3.0<\/a> that can be exploited to steal certain confidential information, such as cookies. This vulnerability, known as \u201cPOODLE\u201d, is similar to the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security#BEAST_attack\">BEAST<\/a> attack. By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user\u2019s private account data on a website.<\/p>\n<p>Any website that supports SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. In particular, these servers are subject to a downgrade attack, in which the attacker tricks the browser into connecting with SSLv3. This relies on a behavior of browsers called insecure fallback, where browsers attempt to negotiate lower versions of TLS or SSL when connections fail.<\/p>\n<p>Today, Firefox uses SSLv3 for only about 0.3% of HTTPS connections. That\u2019s a small percentage, but due to the size of the Web, it still amounts to millions of transactions per day.<\/p>\n<p><strong>Impact<\/strong><\/p>\n<p>The POODLE attack can be used against any browser or website that supports SSLv3. This affects all current browsers and most websites. As noted above, only 0.3% of transactions actually use SSLv3. Though almost all websites allow connections with SSLv3 to support old browsers, it is rarely used, since there are very few browsers that don\u2019t support newer versions of TLS.<\/p>\n<p>Sites that require SSLv3 will remain vulnerable until they upgrade to a more recent version of TLS. According to measurements conducted by Mozilla and the <a href=\"https:\/\/zmap.io\/\">University of Michigan<\/a>, approximately 0.42% of the Alexa top million domains have some reliance on SSLv3 (usually due to a subdomain requiring SSLv3).<\/p>\n<p><strong>Status<\/strong><\/p>\n<p><strong>SSLv3 will be disabled by default in Firefox 34<\/strong>, which will be released on <strong>Nov 25<\/strong>. The code to disable it is landing today in Nightly, and will be promoted to Aurora and Beta in the next few weeks. This timing is intended to allow website operators some time to upgrade any servers that still rely on SSLv3.<\/p>\n<p>As an additional precaution, Firefox 35 will support a generic TLS downgrade protection mechanism known as <a href=\"https:\/\/tools.ietf.org\/html\/draft-ietf-tls-downgrade-scsv-00\">SCSV<\/a>. If this is supported by the server, it prevents attacks that rely on insecure fallback.<\/p>\n<p><strong>Additional Precautions<\/strong><\/p>\n<p>For Firefox users, the simplest way to stay safe is to ensure that Firefox is configured to automatically update. Look under Preferences \/ Advanced \/ Update and make sure that \u201cAutomatically install updates\u201d is checked.<\/p>\n<p>For users who don\u2019t want to wait till November 25th (when SSLv3 is disabled by default in Firefox 34), we have created the <a href=\"https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/ssl-version-control\/\">SSL Version Control<\/a> Firefox extension to disable SSLv3 immediately.<\/p>\n<p>Website operators should evaluate their traffic now and disable SSLv3 as soon as compatibility with legacy clients is no longer required. (The only remaining browser that does not support TLSv1.0 is Internet Explorer 6). We recommend following the intermediate configuration level from <a href=\"https:\/\/wiki.mozilla.org\/Security\/Server_Side_TLS\">Mozilla\u2019s Server Site TLS guidelines<\/a>.<\/p>\n<p>We realize that many sites still receive traffic from IE6 and cannot disable SSLv3 entirely. Those sites may have to maintain SSLv3 compatibility, and should actively encourage their users to migrate to a more secure browser as soon as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/\">Read more<\/a><\/p>\n","protected":false},"author":998,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,45499],"tags":[],"coauthors":[282900],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The POODLE Attack and the End of SSL 3.0 - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Richard Barnes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/\",\"name\":\"The POODLE Attack and the End of SSL 3.0 - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2014-10-14T23:15:42+00:00\",\"dateModified\":\"2016-09-30T09:50:12+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The POODLE Attack and the End of SSL 3.0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290\",\"name\":\"Richard Barnes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/6070530fd061c73fde0bc242f38e16cb\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=identicon&r=g\",\"caption\":\"Richard Barnes\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The POODLE Attack and the End of SSL 3.0 - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/","twitter_misc":{"Written by":"Richard Barnes","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/","url":"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/","name":"The POODLE Attack and the End of SSL 3.0 - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2014-10-14T23:15:42+00:00","dateModified":"2016-09-30T09:50:12+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2014\/10\/14\/the-poodle-attack-and-the-end-of-ssl-3-0\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"The POODLE Attack and the End of SSL 3.0"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290","name":"Richard Barnes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/6070530fd061c73fde0bc242f38e16cb","url":"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=identicon&r=g","caption":"Richard Barnes"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1850"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/998"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=1850"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/1850\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=1850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=1850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=1850"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=1850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}