[fc-discuss] Financial Cryptography Update: SSL v2 SNAFU

iang@iang.org iang@iang.org
Tue, 11 Oct 2005 17:11:58 +0100 (BST)

(((((((((((((( Financial Cryptography Update: SSL v2 SNAFU ))))))))))))))

                            October 11, 2005




The net is buzzing about an "OpenSSL Potential SSL 2.0 Rollback
Vulnerability" where you can trick your SSL v3 to roll back to SSL v2. 
There are then some security weaknesses in SSL v2 that can be exploited
to break in.


Annoyingly, none of the security advisories that I saw said what should
be the obvious workaround:  *TURN OFF SSL V2!  NOW!*  It's an old
protocol, it's done its job and deserves to be put out to pasture. 
Give it an apple a day and let it enjoy its last few years without

The presence of SSL v2 continues to embarrass us with insecurity.  This
security advisory is the least of worries, by far the greater effect is
that with SSL v2 delivered as a default protocol, all browsers and all
web servers end up negotiating SSL v2.	That's because the HELLO
negotiation can only cope with both v2 and v3 nodes if it assumes the
first, and both nodes will then fall back to SSL v2.  Maybe the
security advisory should be extended to all the browsers and web
servers out there?

Meanwhile, the reason we care is not because an MITM could break into
SSL v2 (fat chance of that happening) but because we can't do virtual
hosts without SSL v3.  This is a good solid pragmatic user and business
reason and cryptoengineers, security experts and the like are not
expected to understand this:  Without virtual hosts, we can't spread
SSL to be a *routine* protection for all web sites.  And without SSL
being a *routine* protection, the security model in the browser won't
get fixed and phishing rampantly pillages its way through suburban
america like a bad 90s music revival.  Depressing, expensive and
accompanied by lots of screaming and wailing when people realise their
wallets just got emptied by ... well, like any revival, we don't really
want to admit we know who it was by.


Anway, the upshot is that the security advisory misses the chance to
deliver any security to people.  SSL remains SNAFU:  Situation Normal,
All F**ked Up.

Powered by Movable Type
Version 2.64