This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links

Version management

Difference between version and

At line 1 added 22 lines
!!! Overview
The [{$pagename}] attack [Exploits] a flaw that is specific to [SSLv3] with [CBC]-based [Cipher Suites].
[{$pagename}] relies on an often overlooked feature of [SSLv3]: most [Padding bit] are ignored.
In [TLS 1.0], the [Padding bits] (bytes added in a record to make the length compatible with [CBC] [Encryption], which only processes full blocks) is fully specified; all the bytes must have a specific value and the recipient checks that.
In [SSLv3], [Padding bits] contents are ignored, which allows an [attacker] to perform alterations that go mostly unnoticed. The alteration impact only non-applicative [data], but can be used as a [decryption] oracle in a way vaguely similar to [BEAST].
!! Resolution
The best Resolution we can find is to configure Servers to only allow [TLS 1.1] or [TLS 1.2].
There are some concerns of "older" devices, typically, smaller devices being able to support only [TLS 1.1] or [TLS 1.2]. Do your own due diligence.
!! More details can be read:
* [https://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability/70724#70724|https://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability/70724#70724|target='_blank']
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [How Does SSL TLS Work|https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work/20847#20847|target='_blank'] - based on information obtained 2015-03-15