POODLE Attack - what it is and how to prevent it

  |   Lukas Pokorny

Last month, Google Security Team disclosed POODLE Attack - a vulnerability in SSL 3.0 protocol that makes it possible for attackers to reveal encrypted data with relative ease. Fortunately, newer versions of the SSL 3.0 protocol (TLS 1.0 and higher) do not suffer from this, so if you are connecting to a TLS-capable server, you are safe unless you explicitly disabled TLS in Rebex FTP/SSL or Rebex Secure Mail (IMAP/SSL, POP3/SSL and SMTP/SSL).

However, this does not apply to all third-party TLS/SSL client implementations - some of them use a workaround called "protocol downgrade dance" to solve interoperability bugs exhibited by some SSL 3.0 servers that don't properly reject requests to use TLS 1.0 or higher. These clients attempt to negotiate SSL 3.0 security when attempt to negotiate TLS 1.0 fails, which makes them vulnerable to man-in-the-middle attacks aimed at fooling the client into establishing an SSL 3.0 connection to servers that actually do support TLS 1.0 (or higher). Fortunately, none of our components uses "protocol downgrade dance" workaround, which means they are immune to this kind of attack and don't need to use TLS _FALLBACK _SCSV extension designed to make "protocol downgrade dance" safe.

In short, your applications based on our components are immune to POODLE attack if both of these conditions are true:

  1. Your FTP, IMAP, POP3 or SMTP server supports TLS 1.0.
  2. You have not disabled TLS 1.0 support in your application.

This said, SSL 3.0 is an obsolete and insecure protocol. It's more secure successor, TLS 1.0, has been around since January 1999, which means that time has come for SSL 3.0 to be disabled by default. Although the next release of Rebex components (2014 R3) will still support SSL 3.0 to make it possible to connect to legacy servers, it will be disabled by default.

To explicitly disable SSL 3.0, use the following code:

var client = new Ftp(); // applies to Imap, Pop3 and Smtp objects as well  
client.Settings.SslAllowedVersions &= ~TlsVersion.SSL30; // disable SSL 3.0 (recommended)  
client.Connect("server", SslMode.Explicit);  
...

To explicitly enable SSL 3.0, use the following code:

var client = new Ftp(); // applies to Imap, Pop3 and Smtp objects as well  
client.Settings.SslAllowedVersions |= TlsVersion.SSL30; // enable SSL 3.0 (not recommended)  
client.Connect("server", SslMode.Explicit);  
...