Number: IRCNE2014122399
Date: 2014/12/16
According to “zdnet”, Google SSL guru Adam Langley has revealed that many TLS implementations are vulnerable to an attack similar to the POODLE attack from several weeks ago which affected only SSL version 3.
SSLv3 did not fully specify the contents of the padding bytes in CBC-mode cipher suites. Without a strict specification, a receiver had no way to check the padding for irregularities, which exposed the protocol to what is called an "oracle attack."
After SSL version 3 the specification was renamed TLS and reset to version 1.0. One change in TLS 1.0 was to fully specify the contents of padding bytes, preventing this attack.
But it turns out that some TLS implementations still didn't check the padding bytes, despite the ability to do so.
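The difference between the two padding rules, as an added example that is not from the ZDNet article or from Langley's post: SSLv3 only gives meaning to the final length byte, so a receiver can do little more than check that the declared length fits, while TLS 1.0 requires every padding byte to equal the length byte, so a receiver can reject any record whose padding was tampered with. The sample records below are constructed for the example; the MAC check that a real record layer performs after removing the padding is omitted.

```python
"""
Added example (not from the article or from Adam Langley's post): the
SSLv3-style padding check that some TLS implementations were still using
compared with the stricter check TLS 1.0 requires. In TLS 1.0 the last byte
of the decrypted record gives the padding length, and every padding byte
must equal that value; in SSLv3 the padding bytes are unspecified.
"""
from typing import Optional


def ssl3_padding_ok(decrypted: bytes, block_size: int = 16) -> bool:
    """SSLv3-style check: only verifies that the declared padding length fits.

    SSLv3 requires the padding to be shorter than one cipher block, but says
    nothing about the padding bytes themselves, so they are never inspected.
    """
    if not decrypted:
        return False
    pad_len = decrypted[-1]
    return pad_len < block_size and pad_len + 1 <= len(decrypted)


def tls10_padding_ok(decrypted: bytes) -> bool:
    """TLS 1.0-style check: every padding byte must equal the length byte."""
    if not decrypted:
        return False
    pad_len = decrypted[-1]
    if pad_len + 1 > len(decrypted):
        return False
    # Compare all pad_len + 1 trailing bytes against the expected value using an
    # OR accumulator rather than an early exit, so a mismatch in the first
    # padding byte takes the same time as a mismatch in the last one.
    expected = bytes([pad_len]) * (pad_len + 1)
    diff = 0
    for actual, wanted in zip(decrypted[-(pad_len + 1):], expected):
        diff |= actual ^ wanted
    return diff == 0


def strip_tls10_padding(decrypted: bytes) -> Optional[bytes]:
    """Return the record content without padding, or None if the padding is malformed."""
    if not tls10_padding_ok(decrypted):
        return None
    pad_len = decrypted[-1]
    return decrypted[: len(decrypted) - pad_len - 1]


if __name__ == "__main__":
    # Constructed sample records: "hello" followed by three padding bytes and
    # the length byte 0x03. The second record has corrupted padding bytes.
    well_formed = b"hello" + b"\x03\x03\x03\x03"
    tampered = b"hello" + b"\x41\x42\x43\x03"
    for record in (well_formed, tampered):
        print(record, "ssl3:", ssl3_padding_ok(record), "tls10:", tls10_padding_ok(record))
```

The tampered record passes the SSLv3-style check and fails the TLS 1.0 check, which is exactly the gap Langley describes: an implementation that only looks at the length byte accepts records a compliant TLS stack would reject. Note that a correct record layer also has to verify the MAC and keep the combined padding-and-MAC processing time independent of where the padding check failed; this example only shows the padding rule itself.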
There have been no reports of widespread (or even narrowspread) exploits of POODLE, but Google and many other companies are well on their way to stopping servers from falling back to SSLv3 connections.
Langley says that both F5 and A10 networking equipment are affected. F5 has released updates. A10 planned to, but I cannot confirm that they have.
Langley closes by reminding readers that "...everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken," including many implementations which conform to current specifications. Doing cryptography right is hard.