Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40 70
An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
2014 (Score:5, Funny)
It may still not be the year of Linux on the desktop, but it is the year of silly names on serious exploits.
Re: (Score:3)
Computer Security is boring to most people, and when you give them funny names, or funny logos, issues become more likely popular, and are easier memorized.
Re: (Score:2)
Twitter shows you comments in most-recent-first mode, which is sometimes confusing when news breaks. A few weeks back my twitter feed was filling up with things like
"[dog emoji] [knife emoji] [knide] [knife] !!!"
and it took a while to get down to the comments about "there's a new vulnerability called 'Poodle' out today."
If lack of security updates didn't kill IE 6... (Score:1)
Re:If lack of security updates didn't kill IE 6... (Score:4, Informative)
Tools
Internet Options
Advanced
Security
Use TLS 1.0
OK
Re: (Score:2)
Re: (Score:2)
It does support TLS. Not to mention if nothing else has made them upgrade then this is also unlikely to be an impetus even if TLS wasn't supported.
Re: (Score:2)
There is no reason businesses that need IE6 for corporate intranet sites that cant be made to work with anything newer (or cant be made to work without spending money the business doesn't want to spend) cant go with a modern browser (be it Chrome, Firefox or whatever else) for browsing the internet and use IE6 only for accessing those intranet sites that are stuck on IE6.
Re: (Score:2)
Yeah, but not by default. I agree that this won't influence most businesses who are still running IE. But old grandma running IE 6 will find that her internet is broken, and will ask someone to fix it for her, which most likely will involve upgrading to an newer browser.
Re: (Score:3)
It may also bring back the days of banks requiring the use of IE, as none of the citi group websites support any version of TLS. Of course, those in the know should cancel their citi accounts. Even if you don't use their website, if their security is this lax in one area, it probably isn't great in others as well. Sucks for people with mortgages and such that are very expensive to move to another company, though.
Re: (Score:2)
Of course, those in the know should cancel their citi accounts.
this is true anyway. Citibank is pure fucking evil. Sadly, they were my only choice for a lender when I got a student loan.
Re: (Score:2)
https://www.ssllabs.com/ssltes... [ssllabs.com]
IE 11 / Win 8.1 R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Chrome 37 / OS X R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Firefox 32 / OS X R TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) No FS 256
Other than the lack of Forward-Secrecy and lack of GCM it looks like Citi supports modern TLS.
Re: (Score:2)
... then this should do it since it can't use TLS.
I don't see it makes a difference. For anyone doomed to use IE6 for eternity, it won't matter what Google does in its own browser because they're not using it, at least not for whatever crappy internal website still requires IE6.
Pros and Cons (Score:2, Interesting)
While I respect this decision, I can't help but think many end users will see it as a broken browser and will use IE or something else for sites which no longer work with Chrome.
Chrome's market share will drop a bit unless/until all other browsers do this too.
Re: (Score:2)
Re: (Score:3)
"Today, Firefox uses SSLv3 for only about 0.3% of HTTPS connections." : https://blog.mozilla.org/secur... [mozilla.org]
The browser vendors act this fast only because SSL 3.0 isn't used for almost all connections.
Re: (Score:2)
another link: http://mzl.la/1G0vCdX [mzl.la]
Re: (Score:2)
For Windows only on Nov 25, but on Linux SSL3 has been disabled for some time. In Debian since Oct 18.
Re: (Score:3)
The state of SSL already behaves like a broken browser.
Why do I get a serious warning that says my communications are not private when I visit a website with a self-signed SSL certificate, but we get a free pass sending unencrypted information around the internet?
How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
Re: (Score:2)
How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
It is worse to have a false sense of security.
Re: (Score:2)
I don't have a false sense of security. Even without being able to verify who is on the other end I still am more secure knowing not everyone in between is listening in. Before you say MITM remember this has nothing to do with monitoring for changes in the signature. That can still be done regardless.
Security of my transmission and certainty of who I am taking two are two different things yet browsers treat one without the other as something mythically worse than nothing at all.
Re: (Score:2)
As the AC said, the browser isn't made for you - it is made for the average computer user, who has little to no education regarding security algorithms. I'm fairly geeky, and I would have trouble telling you a practical way to verify the authenticity of a self-signed cert. Frankly, I'm not even sure that people look for the little lock icon when they are banking, but at least if it is there you know that you are talking to the site you though you were.
Re: (Score:2)
I'm not asking for verification. The problem didn't always exist. Chrome used to provide sane error messages. I'm not asking to do away with them just grade them according to the risk.
Current version of chrome with a self signed certificate produces a warning saying "Your communication is not private" which is false. It's a big red warning and you get the choice to hit the cancel button or look for the text link that says "advanced".
A few versions ago it looked like this:
Self signed cert: Orange screen with
Re: (Score:2)
How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
It is worse to have a false sense of security.
Then don't show the padlock icon. Then the browser behaves the same as if somebody MITM'ed the connection over an http->https gateway. I can trick the average user into not using SSL at all, so why fuss with self-signed certificates?
Re: (Score:2)
Because people don't always look for the padlock icon. Chase Bank wants to make sure that every customer connects with SSL. If someone tries to MITM the bank, then they want the customer alerted. This is fail-safe. Your suggestion would simply turn off the little icon when a MITM attack was taking place, which probably would go unnoticed in a high percentage of cases.
Re: (Score:2)
Because people don't always look for the padlock icon. Chase Bank wants to make sure that every customer connects with SSL. If someone tries to MITM the bank, then they want the customer alerted. This is fail-safe. Your suggestion would simply turn off the little icon when a MITM attack was taking place, which probably would go unnoticed in a high percentage of cases.
This is why I'd really like to see this sort of thing move to DNSSEC. If your domain's website should always use SSL with a particular cert, then put it in DNS and then everybody knows. This also reduces the impact of bad CAs - you can only forge certificates for domains you control. So, the NSA can't issue a valid .cn domain certificate, and the Chinese can't issue a valid .com one. Right now trust is just black and white.
Re: (Score:2)
That does sound like a better system, though one that was impossible when SSL was first implemented.
Re: (Score:2)
Walled garden browsers (Score:2)
Every browser in the world allows you to add your own CA
Do you really mean "every browser in the world" that supports TLS or just "every major desktop browser" that supports TLS? I was under the impression that some of the browsers that run on home entertainment hardware lacked UI for adding a certificate. For example, where might I find CA options on, say, "Internet Channel powered by Opera" for the Wii video game console?
Re: (Score:2)
Neither HTTP, nor HTTPS with an untrusted certificate, are secure.
However, you don't expect HTTP to be secure. You do expect HTTPS to be secure. That's what the 'S' stands for.
Ahh false and false.
Starting with the latter, no one really expects HTTPS to be secure, because no one really looks to check. Ask most users how they can identify if they are using HTTPS / encryption / security on the internet and the'll probably just stare at you blankly. Yet when visiting a site they'll only ever get an error if the site is attempting to do something to encrypt the signal.
To the first point, HTTPS with an untrusted certificate is no less secure than HTTPS with a certificate which has bee
Re: (Score:2)
> and self signed certificates are far more secure than HTTPS
Right, and with I MITM the wireless AP you're on and replace the self signed with another, you'll go right on thinking you're secure.
Re: (Score:2)
> and self signed certificates are far more secure than HTTPS
Right, and with I MITM the wireless AP you're on and replace the self signed with another, you'll go right on thinking you're secure.
That is no different from what happens when you MITM a non-SSL connection.
I have no issues with distinguishing between self-signed and vendor-certified connections. I just don't think that self-signed should trigger MORE warnings than non-SSL connections. Maybe just don't show the padlock for self-signed, and possibly just give a non-scare warning that doesn't take a lot of work to click through the first time you see a particular certificate for a particular site.
Re: (Score:2)
Except in Android.
After installing a self-signed certificate every time you restart the phone you get a warning message saying "Network may be monitored". There is apparently no way to say "Yes, i know there is a user-installed certificate, stop telling me I'm hacking myself because I put it there on purpose"
True lack vs. false sense of security (Score:2)
Why do I get a serious warning that says my communications are not private when I visit a website with a self-signed SSL certificate, but we get a free pass sending unencrypted information around the internet?
The excuse I've seen trotted out is that a mismatch between the expected security guarantee impled by the URI scheme and the actual security guarantee of a particular connection. The http URI scheme warns the user in advance of a true lack of security, while https with an unknown certificate authority gives the user a false sense of security. StartSSL offers free personal use TLS certificates anyway.
Re: (Score:2)
Oh great so now there isn't even a monetary barrier anymore to getting certificates?
An unknown authority only provides me with a lack of information on who I am talking to. I don't need such an authority to know that who I am talking to is the same person who I was talking to yesterday, and that I am only talking to one person and not every person.
I have no problem with graded security levels providing they make sense. No warning on HTTP, but a critical warning on a self signed certificate, especially one w
Lack of SNI prior to April 2014 (Score:2)
Re: (Score:2)
While I do see the point in warning about the security level, most certs provide practically no actual identification beyond someone said they were X and now they're saying it again.
In truth, I would place greater trust in a self-signed cert that has the same signature as it did the last tome I visited the site than I would in a basic cert for a site I am visiting for the first time.
Day one MITM (Score:2)
Re: (Score:2)
That's the problem. A CA signed cert doesn't help much for that. The basic cert can be had in pretty much any name just by photoshopping a fake letterhead. Even the 'advanced' signed certs can be forged (and have been) under orders from NSA and similar shady criminal organizations. Really, only casual forgeries are prevented, but casual forgeries are unlikely to take the steps necessary to subvert DNS or routing required for any MITM attack Note too that if I attack your PC to subvert DNS or routing, I can
Re: (Score:2)
StartSSL offers free personal use TLS certificates anyway.
I hear they issue them freely, but they do not revoke them freely. So, I can only imagine how many pre-heartbleed certs they have floating around since nobody wants to revoke the bad ones.
Re: (Score:2)
How is providing a base level of encryption less private or less secure then sending something in plaintext simply because the other end hasn't paid a fee to a third party?
Exactly. The whole concept of a certifying authority is fundamentally broken. It's just a tax on security. If I'm a bank or merchant then it might be worth paying a CA a lot of money to come and verify I am who I say and how I store and control access to my cert. But the standard signature that most sites obtain is worse than fucking useless. At most it might verify my credit card or my fake id. It's just a tax and the net result plain text is the default.
Sites should be able to use unsigned keys for basi
StartSSL, DANE, Perspectives (Score:2)
The whole concept of a certifying authority is fundamentally broken.
Broken by StartSSL, which provides personal use certificates without charge.
Sites should be able to use unsigned keys for basic encryption.
They can. They just have to find some out-of-band way to get their keys onto visitors' machines in order to circumvent a MITM-from-day-one attack. This could involve DANE, which puts keys and certificates in DNSSEC. Or it could involve the Perspectives extension for Firefox, which verifies a site's certificate through diverse Internet routes between the site and notary ser
Re: (Score:2)
TL;DR: Install Perspectives if you want to use an unknown CA.
It's not a case of installing anything. It requires a whole new secure protocol that browsers support out of the box.
Broken by StartSSL, which provides personal use certificates without charge.
It's still a CA and it's demonstrative of the uselessness of a CA in the first place. The cert makes a scary box go away nothing more. Even if its free (in money) it's still an onerous task in time and effort to obtain a cert. And with my tinfoil hat on, why should I trust an operation in Israel to generate a trustworthy certificate for my site? It's not the first time a CA has been compromis
How to disable SSLv3 and test it. (Score:2)
How to disable SSLv3 and test it.
https://zmap.io/sslv3/browsers... [zmap.io]
(not affiliated with site, simply found ithttp://tech.slashdot.org/story/14/10/30/220221/google-to-disable-fallback-to-ssl-30-in-chrome-39-and-remove-in-chrome-40?utm_source=rss1.0mainlinkanon&utm_medium=feed# useful)
Re: (Score:2)
TLS 1.0 will likely get the same phase-out soon enough.
They should just jump to TLS 1.2.
When are they going to disable insecure downgrade? (Score:2)
Nice they are disabling SSL 3 however actual problem was not SSL 3 which everyone was on notice for years it was actually Google's intentional action to circumvent secure version negotiation in the first place which enabled SSL 3 to continue to be a problem in 2014.
Re: (Score:2)
But the Microsoft article is dated October 15.
Last time I checked, October 15th was before October 18th.
Eat that Philip Paradis (Score:2)
I happen to consult with Google frequently on stuff like this - the joys of being one of their top Helpouts providers on computer solutions. We've been discussing this since the vulnerability was discovered.
Philip Paradis apparently knows nothing, here.