On Tue, Oct 14, 2014 at 10:15:26PM -0400, Nick Mathewson wrote:
> Hi!  It's a new month, so that means there's a new attack on TLS.
> 
> This time, the attack is that many clients, when they find a server
> that doesn't support TLS, will downgrade to the ancient SSLv3.  And
> SSLv3 is subject to a new padding oracle attack.
> 
> There is a readable summary of the issue at
> https://www.imperialviolet.org/2014/10/14/poodle.html .
> 
> Tor itself is not affected: all released versions for a long time have
> shipped with TLSv1 enabled, and we have never had a fallback mechanism
> to SSLv3. Furthermore, Tor does not send the same secret encrypted in
> the same way in multiple connection attempts, so even if you could
> make Tor fall back to SSLv3, a padding oracle attack probably wouldn't
> help very much.
> 
> TorBrowser, on the other hand, does have the same default fallback
> mechanisms as Firefox.  I expect and hope the TorBrowser team will be
> releasing a new version soon with SSLv3 enabled.  But in the meantime,
> I think you can disable SSLv3 yourself by changing the value of the
> "security.tls.version.min" preference to 1.
>
> Obviously, this isn't a convenient way to do this; if you are
> uncertain of your ability to do so, waiting for an upgrade might be a
> good move.  In the meantime, if you have serious security requirements
> and you cannot disable SSLv3, it might be a good idea to avoid using
> the Internet for a week or two while this all shakes out.

Thanks Nick. Interestingly, but mostly uselessly for us, Mozilla
published an extension[0] that does this. Unfortunately they say it
only works on >= FF26 (without tweaking it) and Tor Browser 3.6 is
based on FF24.

For what it's worth, the extension[0] should work with the new Tor
Browser 4.0, but this is untested.

If you do make this config change, when you visit a site that only
supports SSLv3 or downgrades to it, you should receive a message that
says:

    Cannot communicate securely with peer: no common encryption algorithm(s).

    (Error code: ssl_error_no_cypher_overlap)


For those wondering, this works exactly the same on Tails (1.1.2), too.
(and yes, they spelled it "cypher").


I'm also curious what Mike, Georg, and the other TB Devs think. It
looks we need to wait until November when SSL will be disabled in
mainline Firefox[1].


[0] https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
[1] 
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

> 
> best wishes to other residents of interesting times,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Reply via email to