2

So here's a situation: some of my company's partners notified us that they will entirely disable their servers' SSLv3 support.

This prompted my superior to take this chance to update our operation team's Internet browsers to disable support for SSLv3.

We know that Chrome and Firefox have already issued updates to disable SSLv3, hence we asked them to update their browsers to the latest version. However, even after we applied the latest update, when we ran through certain tests, they still showed the browser as vulnerable.

Even weirder, some of the PCs show as vulnerable while some show as not vulnerable.

Any idea what's going on?

Tests used: https://www.poodletest.com/ and https://zmap.io/sslv3/sslv3test.html

John

2 Answers

4

Some companies have proxy servers that perform a MITM attack on all https traffic going through a company. So while SSL3 may be disabled on your browser, it might not be disabled on the proxy server, and the proxy server is what establishes the SSL connection to the test servers you're accessing.

If that's the case, you need to update your proxy server to disable all SSL3 traffic if you want to be sure to be safe from POODLE.

Steve Sether
1

Using updated browsers isn't the mitigation for the POODLE attack. The SSLv3 protocol should be disabled in the browser so that it starts a session only with TLS v1.0. The mitigation for the POODLE attack includes:

1. Disabling the support for SSLv3.0 on the server.
2. Disabling the support for SSLv3.0 in the browser.
3. Preventing TLS downgrade attacks by ensuring that both servers AND clients support the new TLS_FALLBACK_SCSV.

More info on mitigation of POODLE attack

Irfan
  • The question was purely about client side mitigation, not server side mitigation. You're right that both are important, but it's a bit beside the point. – Steve Sether Mar 17 '15 at 14:19
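
To see which hop the test sites are actually grading (the browser or an intercepting proxy, per the first answer) and whether fallback retries carry TLS_FALLBACK_SCSV (per the second), one can compare the ClientHello records captured on each side of the proxy. The following is an added example, not code from any of the posts: it parses ClientHello records and reports whether a hop offers SSLv3 or retries at a lower version without the SCSV. The function names and the sample bytes produced by `build_hello` are constructed for illustration, and each record is assumed to hold one complete, unfragmented ClientHello.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600  # signalling cipher suite value from RFC 7507
NAMES = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def parse_client_hello(record: bytes):
    """Return (highest version offered, fallback SCSV present) for one record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs_len = int.from_bytes(record[6:9], "big")
        hello = record[9:9 + hs_len]
        if len(record) < 5 + rec_len or len(hello) != hs_len:
            raise ValueError("truncated ClientHello")
        version = (hello[0], hello[1])    # client_version = highest offered
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + hello[pos]             # skip session_id
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        raw = hello[pos + 2:pos + 2 + cs_len]
        if len(raw) != cs_len or cs_len % 2:
            raise ValueError("bad cipher suite list")
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    suites = {int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)}
    return version, TLS_FALLBACK_SCSV in suites

def audit_hop(hellos):
    """Findings for the ClientHellos one hop sent, in order, to one server."""
    findings, best = [], None
    for record in hellos:
        version, scsv = parse_client_hello(record)
        if version == (3, 0):
            findings.append("offers SSLv3")
        if best is not None and version < best and not scsv:
            findings.append("retry at %s without TLS_FALLBACK_SCSV"
                            % NAMES.get(version, "unknown"))
        best = version if best is None else max(best, version)
    return findings

def build_hello(version, suites):
    """Constructed sample data: a minimal ClientHello with no extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (bytes(version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

An empty result for the browser-side capture together with findings for the proxy-side capture matches the situation in the first answer. A single TLS 1.2 ClientHello does not prove SSLv3 is disabled, so the capture should include the retries the hop makes when the server refuses higher versions.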