POODLE and SSLv3

This week has brought about the latest security vulnerability. Google’s Thai Duong, Krzysztof Kotowicz, and Bodo Möller made the vulnerability — POODLE (Padding Oracle On Downgraded Legacy Encryption) — public on Tuesday, October 14, 2014. POODLE is a padding oracle attack affecting Secure Sockets Layer (SSL) version 3 and in particular, CBC-mode ciphers. This vulnerability opens the door for possible man-in-the-middle attacks.

Adam Langley of Google provides some additional insight into POODLE:

“This should be an academic curiosity because SSLv3 was deprecated very nearly 15 years ago. However, the Internet is vast and full of bugs. The vastness means that a non-trivial number of SSLv3 servers still exist and workarounds for the bugs mean that an attacker can convince a browser to use SSLv3 even when both the browser and server support a more recent version. Thus, this attack is widely applicable.” (Emphasis not added)

He also provided some guidance for mitigation via TLS_FALLBACK_SCSV.

And Matthew Green, Assistant Research Professor of the Johns Hopkins Information Security Institute, provides an excellent summary of the vulnerability on his blog:

“it allows a clever attacker who can (a) control the Internet connection between your browser and the server, and (b) run some code (e.g., script) in your browser to potentially decrypt authentication cookies for sites such as Google, Yahoo and your bank.”

You may recall this isn’t the first time CBC has fallen under scrutiny; however, the other cipher used in SSLv3, RC4, has as well: BEAST, Lucky Thirteen, RC4 in TLS and WPA.

Zimbra and POODLE

Zimbra has provided guidance below regarding Zimbra’s products. For customers or partners: 1) if you leverage a SSL offload appliance please reach out to your appliance provider for guidance; 2) if Zimbra is hosting your solution, you will receive a direct communication from Zimbra in the next 48 hours.

We will provide updates to this post as new developments take shape. Thank you for your patience and understanding.

Zimbra Collaboration

Zimbra is providing documentation for how to disable SSLv3 for all instances of Zimbra Collaboration (8.0.x & 8.5.x), and is tracking the vulnerability in Zimbra’s bugzilla.

Zimbra Community/Social

For our community/social product, you must disable SSLv3 on your IIS server, which Microsoft has provided guidance for.

The original post contains an error; it doesn’t specify the name of the new (or generally existing) DWORD value that needs to be changed.  The correct entry is named “Enabled”.  If this exists, it should be set to “0” as the article specifies, if it does not, it should be created per the article’s instructions.

Zimbra Sync and Share (formerly Mezeo)

While Zimbra Sync and Share is not publicly available, we want to provide guidance for anyone running the software.

The server typically uses SSL termination at the load-balancer and not the product itself. In the cases where customer’s needs require a load-balancer, we help customers deploy HAProxy — who has written a POODLE mitigation blog post for their product

Additional Information

Several browser, server and OS vendors have posted tech notes or blogs:

,

15 Responses to POODLE and SSLv3

  1. Vineet October 18, 2014 at 7:50 AM #

    Stupid program. It’s getting impossible to change your tiny display fonts. How the hell do you do anything if you can’t even read what’s in front of you.

  2. Mike October 19, 2014 at 12:41 AM #

    Are there official patches in the works?

  3. Brendan Cosgrove October 26, 2014 at 2:06 AM #

    Hi Mike,

    Sorry I missed your comment earlier. Yes, we are working on patches for poodle as well as addressing the SSL issue.

    Thanks,

    Brendan Cosgrove
    Director of Product Management
    Zimbra

  4. Fernando October 31, 2014 at 11:26 AM #

    Will there be any patch/guide on how to disable SSLv3 on single-server 7.x installations? thanks

  5. Fernando November 3, 2014 at 10:55 AM #

    Yes, I read and implemented those measures, but they only work for proxied installs and postfix – AdminUI and general web access are still vulnerable.

  6. Eddel November 29, 2014 at 5:24 AM #

    Hi,

    You recommended haproxy. How can Haproxy frontend then admin page backend?

    Thanks,
    Eddel

  7. Rob Howard December 8, 2014 at 3:45 PM #

    Hi Eddel,

    Best place to ask the technical questions is here:
    http://community.zimbra.com/collaboration/

    Thanks,
    Rob

  8. Phil December 11, 2014 at 3:22 PM #

    Running 8.5.1 and a scan detects these vulnerable ciphers on port 993. Your wiki says it is not possible to resolve at this time. That is unacceptable! We have to be compliant for a PCI-DSS scan that is due next week. Please advise a fix.

    • Matthew Lewis
      Matthew Lewis December 11, 2014 at 3:24 PM #

      Hi Phil, I will escalate this immediately.

  9. Nate Duehr January 13, 2015 at 4:47 PM #

    Just a note of warning for those searching for information:

    It appears that some fixes for this were included in ZCS 8.6.0. However, after an update to 8.6.0 all Mac Outlook users (using IMAP transport) are completely locked out of being able to connect to ZCS.

    We have a support ticket going and there are other folks reporting it on the Community site, with no reasonable solution seen yet.

    Be forewarned… the Wiki page warns that very old clients such as Windows Phone 7 and ancient versions of MSIE can be affected, but says nothing about Outlook Mac 2011 and beyond.

    (We’ve tested with both the boxed and fully updated 14.x.x version and the new 15.x.x version only available to O365 subscribers. Neither work.)

    Be careful doing an 8.6.0 upgrade if you have Outlook Mac IMAP users.

  10. Nate Duehr January 13, 2015 at 4:48 PM #

    Additionally, this wiki does NOT give information on how to REVERT changes made in 8.6.0 specifically — some of the changes to disable SSLv3 in 8.5.0 MIGHT work to revert it on 8.6.0, but there’s no guarantees…

    https://wiki.zimbra.com/wiki/How_to_disable_SSLv3

  11. Nate Duehr January 13, 2015 at 4:54 PM #

    Additional link noting problem:

    http://community.zimbra.com/collaboration/f/1886/t/1137082

    No responses.

  12. Jorge de la Cruz February 4, 2015 at 8:21 PM #

    Hi guys,
    If you have problems login with IMAPS or Outlook in Mac, or Outlook in Windows, please try this commands and let us know:
    zmprov mcf +zimbraMailboxdSSLProtocols SSLv2Hello
    zmmailboxdctl restart

    This issue will be fixed in Zimbra Collaboration 8.7

    Best regards

Trackbacks/Pingbacks

  1. Crear certificados SSL con firma SHA256 en Zimbra | Blog Irontec - March 11, 2015

    […] Poodle SSLv3 […]