Last Updated: 2014-10-14 22:05:39 UTC
by Johannes Ullrich (Version: 1)
Yesterday, a number of news sites published speculative reports about a possible OpenSSL bug to be fixed today. According to these reports, the bug affects SSL 3, and is "critical". Can't wait for the official announcement to see what is actually happening here ;-)
Initially, it looked like an OpenBSD patch lead to an answer, but turns out the patch was old (thx to those who wrote in and responded, in particular based on the tweet by @martijn_grooten ). But instead, there are new leads now, in particular a discussion on Stackexchange . In this discussion, a comment by Thomas Pornin outlines how padding in SSLv3 can lead to MitM attacks. This would be an outright attack against the SSLv3 protocol, and less against a specific implementation. It would affect clients as well as servers.
We will update this post as we learn more. At this point: Don't panic and wait for a patch from your respective vendor. We are not aware of any active exploitation of this problem, but please let us know if you see any evidence of that happening.
If you choose to disable SSLv3 on a server, but leave TLS 1.0 enabled, Windows XP with IE 6 will no longer be able to connect (but older versions of IE will be able to connect from Windows XP machines).
How can you test if a server supports SSLv3? Either use ssllabs.com, or using the openssl client: (if it connects, it supports SSLv3)
openssl s_client -ssl3 -connect [your web server]:443
How can I check if my browser can live without SSLv3? If you can read this, then you support TLSv1 or higher. I turned off SSLv3 support on this site for now. But pretty much all browsers support SSLv3.
You tell us not to panic, but you turned of SSLv3? Yes. I wanted to see what happens if I turn off SSLv3. So far, the only issue I found was Windows XP with IE 6, a configuration I probably don't want to support anyway.