SSL security is based on the SSL/TLS protocol. The protocol has been released as SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0, TLS1.1 and TLS 1.2.
The first well-deployed version was SSL 3.0. Through the years, the protocol was moved over to the IETF and the TLS versions have been released. SSL 3.0 is an obsolete and insecure protocol; unfortunately, it is still widely deployed on most websites.
When a server and a browser negotiate SSL/TLS, they agree on the most secure version of SSL/TLS that each supports. However, the protocol allows the ability to downgrade to work around interoperability bugs. This allows a secure SSL handshake to be downgraded to SSL 3.0. This type of downgrade can be prompted by an attacker.
The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) will allow items such as “secure” HTTP cookies or HTTP Authorization header contents to be stolen from downgraded communications. More information on how POODLE works can be found in the Security Advisory prepared by Google.
If POODLE is used against SSL 3.0, there is no workaround or corrective action that will mitigate the attack. The only solution is to stop supporting SSL 3.0. Disabling SSL 3.0 can be done either at the server or the client (e.g., browser) side.
Most server administrators should consider disabling SSL 3.0. We will also see releases of browsers that no longer support SSL 3.0. Mozilla plans to disable SSL 3.0 in Firefox 34 to be released in November. Google also plans to remove SSL 3.0 from its client products, such as Chrome, in the coming months.
For the latest information on the POODLE attack and SSL 3.0 vulnerabilities, visit Entrust's special resource center.
The downside to disabling SSL 3.0 is that the server will no longer support Microsoft Internet Explorer 6 (IE6). This may not be acceptable unless you can convince users to upgrade their version of IE or move to Chrome or Firefox.
If disabling SSL 3.0 is not acceptable due to interoperability concerns, then the server should make use of fallback protection called TLS_FALLBACK_SCSV. Fallback protection has been included in OpenSSL. Server administrators should check to see if fallback protection is supported in their servers. Regardless of POODLE, it is recommended that fallback protection be implemented, as it may protect against other attacks in the future.
The long-term good news is that the message will be pushed out to server administrators to finally remove support for a security protocol that has passed its time.