Google will finally put an end to Poodle-related problems with the launch of Chrome 40, which will disable SSL 3.0 completely.
The Poodle (“Padding Oracle On Downgraded Legacy Encryption”) flaw was revealed by Google last month.
It works by forcing an HTTPS connection to a site to use the less secure SSL 3.0. This ‘fallback’ could then allow an attacker to steal session cookies which could give them access to a victim’s online accounts.
Senior software engineer, Adam Langley, wrote in a note late last week that Google would be disabling that SSL 3.0 fallback from the next version of Chrome (39).
“SSLv3-fallback is only needed to support buggy HTTPS servers. Servers that correctly support only SSLv3 will continue to work (for now) but some buggy servers may stop working. The answer in these cases is to fix the server – TLS 1.0 is nearly 15 years old at this point,” he added.
“Fallback to SSLv3 is disabled on canary, dev and beta channels at the moment. However, because of a lack of time to translate a specific error message, beta (and thus stable, in time) will only show a generic error message when hitting a buggy server. Toggling ‘Details’ will show ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION, which identifies this issue.”
Langley said that in Chrome 40, Google will disable SSL 3.0 completely, shutting off any avenue for attack via Poodle.
“In time, SSLv3 client support will be removed from the code, so anyone re-enabling SSLv3 and/or fallback to it via policy, command line options or about:flags should not treat that as a long-term solution,” he explained.
In preparation for the SSL 3.0 switch off, Chrome 39 will show a yellow badge over the lock icon for SSL 3.0 sites, which will need to be updated to at least TLS 1.0 before Chrome 40 comes out.
“The enterprise-policy options SSLVersionMin and SSLVersionFallbackMin can be used to control the minimum SSL/TLS version and minimum fallback version in Chrome 39,” said Langley. “In Chrome 40, the minimum SSL/TLS version will also be controllable via about:flags.”
Poodle is not a high severity flaw, because launching such an attack would take significant time and effort. However, experts still urged admins to disable SSL 3.0. The OpenSSL Initiative also issued a patch for the bug days after it was publicized.