According to Red Hat Security Blog, NSS and GnuTLS are not themselves susceptible to a downgrade attack* -- Pidgin/libpurple would therefore only be vulnerable to a downgrade attack if specifically instructing NSS or GnuTLS to:
1) Try TLS 1.2; if that fails
2) Try TLS 1.1; if that fails
3) Try TLS 1.0; if that fails
4) Try SSL 3.0
The steps listed above are not part of proper built-in protocol negotiation** and would only be done by NSS/GnuTLS if Pidgin/libpurple have logic that customizes the protocol negotiation at their end (first instructing NSS/GnuTLS to try the highest protocol version, and if detecting failure then instructing NSS/GnuTLS to try the next highest, and so on until one works). Am I understanding correctly that Pidgin/libpurple do not have any such logic to control the protocol negotiation (and are therefore not vulnerable to the downgrade attack)?
Thanks so much for your patience in answering my questions.
* " ... browsers first try a recent TLS version, and if that fails, they attempt again with older protocol versions, until they end up at SSL 3.0, which suffers from the padding-related vulnerability described above. This behavior is sometimes called the compatibility dance. It is not part of TLS implementations such as OpenSSL, NSS, or GNUTLS; it is implemented by application code in client applications such as Firefox and Thunderbird." - https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/
** "To work with legacy servers, many TLS clients implement a downgrade dance: in a first handshake attempt, offer the highest protocol version supported by the client; if this handshake fails, retry (possibly repeatedly) with earlier protocol versions. Unlike proper protocol version negotiation (if the client offers TLS 1.2, the server may respond with, say, TLS 1.0), this downgrade can also be triggered by network glitches, or by active attackers." - https://www.openssl.org/~bodo/ssl-poodle.pdf
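A toy model of the two client behaviours contrasted above (library-driven negotiation in a single handshake versus an application-level downgrade dance) together with the RFC 7507 TLS_FALLBACK_SCSV check that lets a server detect a fallback retry. This is an added illustration, not Pidgin, libpurple, NSS or GnuTLS code; it assumes a server that supports every version from SSL 3.0 up to its configured maximum, and the glitch inputs are constructed.

```python
"""Toy model of proper TLS version negotiation, of the application-level
downgrade dance, and of the RFC 7507 TLS_FALLBACK_SCSV check.  Added
illustration only: not Pidgin, libpurple, NSS or GnuTLS code.  The server
is assumed to support every version from SSL 3.0 up to `server_max`."""
SSL30, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600      # signalling cipher suite value, RFC 7507
AES128_SHA = 0x002F             # an ordinary suite, just to fill the list
DANCE_ORDER = [TLS12, TLS11, TLS10, SSL30]

class HandshakeFailed(Exception):
    pass

def server_negotiate(server_max, client_max, cipher_suites, glitch=False):
    """One handshake from the server's side: return the version or raise.
    `glitch` simulates a reset connection, not a real version rejection."""
    if glitch:
        raise HandshakeFailed("connection reset before ServerHello")
    if TLS_FALLBACK_SCSV in cipher_suites and client_max < server_max:
        # The client says this hello is a fallback retry, yet it offers less
        # than we support, so the earlier failure was not ours: refuse.
        raise HandshakeFailed("inappropriate_fallback")
    return min(server_max, client_max)   # proper negotiation, one round trip

def library_client(server_max, glitch=False):
    """Client that leaves negotiation to the library: one hello, no retry."""
    return server_negotiate(server_max, TLS12, [AES128_SHA], glitch)

def dance_client(server_max, send_scsv, glitch_attempts=()):
    """Client with an application-level downgrade dance: after *any* failure
    retry with the next lower maximum version.  `glitch_attempts` lists the
    zero-based attempts that hit a (constructed) reset.  With `send_scsv`
    every retry advertises TLS_FALLBACK_SCSV as RFC 7507 requires."""
    error = None
    for attempt, client_max in enumerate(DANCE_ORDER):
        suites = [AES128_SHA]
        if send_scsv and attempt > 0:
            suites.append(TLS_FALLBACK_SCSV)
        try:
            return server_negotiate(server_max, client_max, suites,
                                    glitch=attempt in glitch_attempts)
        except HandshakeFailed as exc:
            error = exc
    raise error

def outcome(client, *args, **kwargs):
    """Negotiated version, or the failure reason as a string."""
    try:
        return client(*args, **kwargs)
    except HandshakeFailed as exc:
        return str(exc)
```

Without the SCSV, three glitched attempts against a TLS 1.2 server leave the dancing client on SSL 3.0; with it, the same server answers `inappropriate_fallback` on the first retry, while the library-only client never moves below what the server genuinely negotiates.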
Sent: Friday, October 17, 2014 at 7:05 PM
From: "Daniel Atallah" <datal...@pidgin.im>
To: "Lois Janes" <loistja...@mail.com>
Cc: "support@pidgin.im" <support@pidgin.im>
Subject: Re: is Pidgin vulnerable to the POODLE SSLv3 vulnerability?
On Fri, Oct 17, 2014 at 9:27 AM, Lois Janes <loistja...@mail.com> wrote:
Is Pidgin vulnerable to the POODLE SSLv3 vulnerability?
I know that Pidgin doesn't offer a way to disable SSLv3 support, so I'm specifically interested in whether Pidgin is susceptible to a TLS/SSL downgrade attack? Does Pidgin retry failed connections with lower SSL/TLS protocol versions? Does Pidgin support TLS_FALLBACK_SCSV?
The answer to all these questions depends on which SSL/TLS (gnutls or NSS) library you're using with pidgin and the configuration of that library (which will depend on your OS).
Pidgin/libpurple itself has no direct interaction with the SSL/TLS handshake process.
-D
Lois
_______________________________________________
Support@pidgin.im mailing list
Want to unsubscribe? Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support