The net is buzzing about an "OpenSSL Potential SSL 2.0 Rollback Vulnerability" (1, 2) where you can trick your SSL v3 to roll back to SSL v2. There are then some security weaknesses in SSL v2 that can be exploited to break in.
Annoyingly, none of the security advisories that I saw said what should be the obvious workaround: *TURN OFF SSL V2! NOW!* It's an old protocol, it's done its job and deserves to be put out to pasture. Give it an apple a day and let it enjoy its last few years without shame.
The presence of SSL v2 continues to embarrass us with insecurity. This security advisory is the least of worries, by far the greater effect is that with SSL v2 delivered as a default protocol, all browsers and all web servers end up negotiating SSL v2. That's because the HELLO negotiation can only cope with both v2 and v3 nodes if it assumes the first, and both nodes will then fall back to SSL v2. Maybe the security advisory should be extended to all the browsers and web servers out there?
Meanwhile, the reason we care is not because an MITM could break into SSL v2 (fat chance of that happening) but because we can't do virtual hosts without SSL v3. This is a good solid pragmatic user and business reason and cryptoengineers, security experts and the like are not expected to understand this: Without virtual hosts, we can't spread SSL to be a *routine* protection for all web sites. And without SSL being a *routine* protection, the security model in the browser won't get fixed and phishing rampantly pillages its way through suburban america like a bad 90s music revival. Depressing, expensive and accompanied by lots of screaming and wailing when people realise their wallets just got emptied by ... well, like any revival, we don't really want to admit we know who it was by.
Anway, the upshot is that the security advisory misses the chance to deliver any security to people. SSL remains SNAFU: Situation Normal, All F**ked Up.
Posted by iang at October 11, 2005 12:01 PM | TrackBack