Bad SSL 3

The Dog’s Biggest Bite
- History
- Start Communication
- Protocol Weakness
- Issues
 1994 – Netscape Communications Design SSL
 Version Never Released Publicly
 1995 – SSL 2.0 Release as Part of Netscape Navigator
 1996 – V3.0 Redesign of Protocol
 Address 2.0 Vulnerabilities
 First Version to Authenticate Handshake Messages
Prevents Attackers from Triggering Downgrade protocol
 1999 – IETF Publishes TLS 1.0 Standard
Start Communication
- Handshake
  - Agree on a shared secret key
  - Includes
    - Cipher algorithms
      - Block ciphers most commonly used
  - If both sides cannot agree on a protocol
    - Downgrade dance
Start Communication
- Handshake
  - Client Hello
    - Information that the server needs to communicate with the client using SSL
    - Including SSL version number, cipher settings, session-specific data
  - Server Hello
    - Information that the client needs to communicate with the server using SSL
    - Including SSL version number, cipher settings, session-specific data
    - Including the server's certificate (public key)
Start Communication
- Authentication and Pre-Master Secret
  - Client authenticates the server certificate (e.g. Common Name, date, issuer)
  - Client (depending on the cipher) creates the pre-master secret for the session, encrypts it with the server's public key and sends the encrypted pre-master secret to the server
- Decryption and Master Secret
  - Server uses its private key to decrypt the pre-master secret
  - Both server and client perform steps to generate the master secret with the agreed cipher
Start Communication
- Generate Session Keys
  - Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL
- Encryption with Session Keys
  - Both client and server exchange messages to inform that future messages will be encrypted
Protocol Weakness
- Today there is agreement on the process to produce authenticated encrypted data
  - Not true when SSL was created
  - Today: Encrypt-then-MAC (Message Authentication Code)
  - SSL uses MAC-then-Encrypt
- POODLE – Padding Oracle On Downgraded Legacy Encryption
  - Attacker takes advantage of the downgrade dance
  - Works by using padding
    - Padding is required by the block cipher
  - Attacker gets 1 byte out of every 256 requests
  - Attacker can retrieve n bytes of data in 256 × n requests
  - Works as part of a Man-in-the-Middle (MITM)
- Turn off SSL v3.0
  - Could lock out 1% - 5% of users (XP / IE 6)
- Must achieve MITM before using attack vector
- Exploit not as bad as Heartbleed, implementation
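The MAC-then-encrypt weakness behind POODLE, as an added example that is not part of the slides: a toy SSL 3.0-style record layer (only the padding-length byte can be checked, MAC verified after decryption) beside an encrypt-then-MAC record layer, plus a check that counts how many distinct rejection verdicts a tampered record produces. The block cipher (an HMAC-based Feistel network), HMAC-SHA256 in place of SSL 3.0's MAC, the record layout and the sample record are all constructed stand-ins, not SSL code.

```python
import hmac, hashlib, secrets
BLOCK, TAG = 16, 32  # CBC block size and HMAC-SHA256 tag length, in bytes

def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def _block(key, blk, decrypt=False):
    # Constructed stand-in for a real block cipher (NOT secure): 4-round HMAC Feistel network
    l, r = (blk[8:], blk[:8]) if decrypt else (blk[:8], blk[8:])  # decrypt: swap, rounds backwards, swap
    for i in (reversed(range(4)) if decrypt else range(4)):
        l, r = r, _xor(l, hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8])
    return r + l if decrypt else l + r
def cbc_encrypt(key, iv, data):
    out = [iv]
    for i in range(0, len(data), BLOCK):
        out.append(_block(key, _xor(data[i:i + BLOCK], out[-1])))
    return b"".join(out[1:])
def cbc_decrypt(key, iv, data):
    cs = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return b"".join(_xor(_block(key, c, True), prev) for c, prev in zip(cs, [iv] + cs))
def ssl3_pad(data):
    # SSL 3.0 defines only the last byte (the padding length); the filler bytes are arbitrary
    n = BLOCK - 1 - len(data) % BLOCK
    return data + secrets.token_bytes(n) + bytes([n])

def mte_seal(key, mac_key, iv, msg):  # SSL 3.0 order: MAC the plaintext, pad, then encrypt
    return cbc_encrypt(key, iv, ssl3_pad(msg + hmac.new(mac_key, msg, hashlib.sha256).digest()))
def mte_open(key, mac_key, iv, rec):
    pt = cbc_decrypt(key, iv, rec)
    if not pt or pt[-1] >= BLOCK:  # the only padding check SSL 3.0 allows
        return "bad_padding", None
    inner = pt[:-(pt[-1] + 1)]
    if not hmac.compare_digest(hmac.new(mac_key, inner[:-TAG], hashlib.sha256).digest(), inner[-TAG:]):
        return "bad_mac", None  # distinguishable from bad_padding: that difference is the oracle
    return "ok", inner[:-TAG]
def etm_seal(key, mac_key, iv, msg):  # modern order: pad, encrypt, then MAC the ciphertext
    ct = cbc_encrypt(key, iv, ssl3_pad(msg))
    return ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
def etm_open(key, mac_key, iv, rec):
    if not hmac.compare_digest(hmac.new(mac_key, iv + rec[:-TAG], hashlib.sha256).digest(), rec[-TAG:]):
        return "bad_mac", None  # every tamper is rejected before the padding is ever examined
    pt = cbc_decrypt(key, iv, rec[:-TAG])
    return "ok", pt[:-(pt[-1] + 1)]

def tamper_outcomes(seal_fn, open_fn, trailer):
    # Flip the ciphertext byte CBC feeds into the padding-length byte; >1 distinct verdict = oracle
    key, mac_key, iv = (secrets.token_bytes(BLOCK) for _ in range(3))
    rec = seal_fn(key, mac_key, iv, b"Cookie: session=constructed-demo")  # constructed sample record
    pos = len(rec) - trailer - BLOCK - 1  # last byte of the second-to-last ciphertext block
    return {open_fn(key, mac_key, iv, rec[:pos] + bytes([rec[pos] ^ d]) + rec[pos + 1:])[0]
            for d in range(1, 256)}
```

With the SSL 3.0 ordering the receiver answers either bad_padding or bad_mac depending on the tampered value, which is exactly the distinguishable response a padding oracle needs; with encrypt-then-MAC every tampered record gets the same answer, so there is nothing to learn.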