2

The "POODLE" attack was made public in October, 2014. Why does Safari still support SSL 3.0 after POODLE showed it to be insecure?

Anders
  • 64,406
  • 24
  • 178
  • 215
Fernando
  • 705
  • 5
  • 17
  • 2
    This might be a question for the Safari team. We can only guess as to the reasons why Apple kept support. – schroeder Apr 20 '16 at 02:11
  • 4
    When I test my Safari against https://www.poodletest.com, it shows as not vulnerable. Apple took steps to block the Poodle attack, even if sslv3 is still supported. – schroeder Apr 20 '16 at 02:13

2 Answers2

3

Apple has released the Security Update 2014-005, disabling the CBC mode with SSLv3:

Security Update 2014-005

  • Secure Transport

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5

Impact: An attacker may be able to decrypt data protected by SSL

Description: There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.

CVE-ID

CVE-2014-3566: Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of Google Security Team

(Emphases are mine)

Therefore, even if Safari still support SSLv3, it is not vulnerable to the POODLE attack.

Yuriko
  • 941
  • 1
  • 6
  • 21
0

Why you're safe against Poodle

The Poodle Attack is against a very specific type of cipher that in combination with SSLv3.0 would lead to an attack vector. Avoiding those vulnerable types of ciphers prevents you from being attacked with that vector. That vector is no longer an angle of attack, so you can safely use SSLv3.0 without worry(hopefully). However newer, harder to crack version of Secure Socket Layer technology exist(often called TLS) that are preferred and should be used instead.

Why you should use TLS

Because no other attacks really exist against SSLv3.0 if you don't use the block ciphers, it it still considered "safe enough" for now. The problem is that it is "safe enough". This is true of all SSL technology at the moment(they are experimenting with more secure algorithms as we speak) since "with enough money and time, security is just a delay". Because of this, you want the time it takes to break that security to be as long as possible if it contains sensitive information. To this end you should use more advanced cipher and key exchange algorithms. This doesn't mean you shouldn't user sites that only support SSLv3.0 but that you should be moving to using TLS, possibly at the latest version available if possible and with a good cipher suite. These algorithms and systems take much longer to crack, and as such are much more "secure enough".

What to do if a website you visit doesn't support TLS

If a website you frequent doesn't support TLS, get in touch with their webmaster and ask why. If they have no plans to upgrade consider phasing out that website from your frequent list within the next decade or so. There are online tools to check the SSL strength of websites to make sure they are safe. If the site is safe enough for the foreseeable future, worry not! If it isn't then worry a bit. If the grade is really bad worry a lot and stop using that site ASAP after removing your information from it as much as possible.

More things you an do to protect yourself

  • Follow the basic tenants of security
  • Avoid using sign on systems on sensitive sites from public Wi-Fi access points (Man In The Middle attacks are far worse than Poodle
  • Keep your workstation physically secure

Following these tips you should be safe on almost any website you visit(assuming it's using good enough security).

Robert Mennell
  • 6,968
  • 1
  • 13
  • 38