Google researchers have discovered a vulnerability in a version of the SSL (secure sockets layer) web encryption protocol which allows attackers to break its cryptographic security.
The SSL protocol creates a secure connection between a client and a server using two keys - one public and one private - to transmit private documents, and is visible to internet browsers by the "https" prefix on a URL.
The version in question, SSL 3.0, is almost 15 years old but is still widely supported by nearly all web browsers.
Significantly, SSL 3.0 also operates as a fallback option for when browsers attempt to work around bugs in HTTPS servers.
Google security researcher Bodo Möller today revealed an attacker can trigger the use of SSL 3.0 and exploit the newfound vulnerability by causing connection failures and forcing browsers to retry connections to older protocol versions.
"Our POODLE attack (Padding Oracle On Downgraded Legacy Encryption) will allow them, for example, to steal “secure” HTTP cookies (or other bearertokens such as HTTP Authorisation header contents)," he wrote in an advisory.
Möller said disabling SSL 3.0 support in the client and/or server would be sufficient to address the issue but admitted it would present significant compatibility problems.
"Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0," he wrote in a blog post.
"It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks."
Möller said Google's Chrome browser had supported TLS_FALLBACK_SCSV since February, and the company had "good evidence" it could be used without compatibility problems.
Google would also begin testing changes in Chrome that disable the fallback to SSL 3.0 from today, he said. He expected the changes to break some sites, which would need to be updated "quickly".
Möller said Google planned to remove support for SSL 3.0 entirely from its client products "in the coming months".
Content delivery network and domain name server provider CloudFlare quickly announced it had disabled SSLv3 across its network by default for all customers.
Firefox owner Mozilla said SSL 3.0 would be disabled by default in Firefox 34, which is due for release in late November. The company said Firefox currently uses SSL 3.0 for around 0.3 percent of HTTPS connections.
"That’s a small percentage, but due to the size of the web, it still amounts to millions of transactions per day," the company wrote in a blog post.
Mozilla said it would additionally offer the SCSV TLS downgrade protection mechanism in Firefox 35, and encouraged Firefox users to ensure their browser was configured to automatically update.
"For users who don’t want to wait till November 25th (when SSLv3 is disabled by default in Firefox 34), we have created the SSL Version Control Firefox extension to disable SSLv3 immediately."
It's not the first time SSL 3.0 has been revealed to be vulnerable to attack - security issues involving the protocol version have been raised numerous times in past years.
