Tutorial

How To Protect your Server Against the POODLE SSLv3 Vulnerability

How To Protect your Server Against the POODLE SSLv3 Vulnerability

Introduction

On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.

Although SSLv3 is an older version of the protocol which is mainly obsolete, many pieces of software still fall back on SSLv3 if better encryption options are not available. More importantly, it is possible for an attacker to force SSLv3 connections if it is an available alternative for both participants attempting a connection.

The POODLE vulnerability affects any services or clients that make it possible to communicate using SSLv3. Because this is a flaw with the protocol design, and not an implementation issue, every piece of software that uses SSLv3 is vulnerable.

To find out more information about the vulnerability, consult the CVE information found at CVE-2014-3566.

What is the POODLE Vulnerability?

The POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.

Who is Affected by this Vulnerability?

This vulnerability affects every piece of software that can be coerced into communicating with SSLv3. This means that any software that implements a fallback mechanism that includes SSLv3 support is vulnerable and can be exploited.

Some common pieces of software that may be affected are web browsers, web servers, VPN servers, mail servers, etc.

How Does It Work?

In short, the POODLE vulnerability exists because the SSLv3 protocol does not adequately check the padding bytes that are sent with encrypted messages.

Since these cannot be verified by the receiving party, an attacker can replace these and pass them on to the intended destination. When done in a specific way, the modified payload will potentially be accepted by the recipient without complaint.

An average of once out of every 256 requests will accepted at the destination, allowing the attacker to decrypt a single byte. This can be repeated easily in order to progressively decrypt additional bytes. Any attacker able to repeatedly force a participant to resend data using this protocol can break the encryption in a very short amount of time.

How Can I Protect Myself?

Actions should be taken to ensure that you are not vulnerable in your roles as both a client and a server. Since encryption is usually negotiated between clients and servers, it is an issue that involves both parties.

Servers and clients should should take steps to disable SSLv3 support completely. Many applications use better encryption by default, but implement SSLv3 support as a fallback option. This should be disabled, as a malicious user can force SSLv3 communication if both participants allow it as an acceptable method.

How To Protect Common Applications

Below, we’ll cover how to disable SSLv3 on some common server applications. Take care to evaluate your servers to protect any additional services that may rely on SSL/TCP encryption.

Because the POODLE vulnerability does not represent an implementation problem and is an inherent issue with the entire protocol, there is no workaround and the only reliable solution is to not use it.

Nginx Web Server

To disable SSLv3 in the Nginx web server, you can use the ssl_protocols directive. This will be located in the server or http blocks in your configuration.

For instance, on Ubuntu, you can either add this globally to /etc/nginx/nginx.conf inside of the http block, or to each server block in the /etc/nginx/sites-enabled directory.

sudo nano /etc/nginx/nginx.conf

To disable SSLv3, your ssl_protocols directive should be set like this:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

You should restart the server after you have made the above modification:

sudo service nginx restart

Apache Web Server

To disable SSLv3 on the Apache web server, you will have to adjust the SSLProtocol directive provided by the mod_ssl module.

This directive can be set either at the server level or in a virtual host configuration. Depending on your distribution’s Apache configuration, the SSL configuration may be located in a separate file that is sourced.

On Ubuntu, the server-wide specification for servers can be adjusted by editing the /etc/apache2/mods-available/ssl.conf file. If mod_ssl is enabled, a symbolic link will connect this file to the mods-enabled subdirectory:

sudo nano /etc/apache2/mods-available/ssl.conf

On CentOS, you can can adjust this in the SSL configuration file located here (if SSL is enabled):

sudo nano /etc/httpd/conf.d/ssl.conf

Inside you can find the SSLProtocol directive. If this is not available, create it. Modify this to explicitly remove support for SSLv3:

SSLProtocol all -SSLv3 -SSLv2

Save and close the file. Restart the service to enable your changes.

On Ubuntu, you can type:

sudo service apache2 restart

On CentOS, this would be:

sudo service httpd restart

HAProxy Load Balancer

To disable SSLv3 in an HAProxy load balancer, you will need to open the haproxy.cfg file.

This is located at /etc/haproxy/haproxy.cfg:

sudo nano /etc/haproxy/haproxy.cfg

In your front end configuration, if you have SSL enabled, your bind directive will specify the public IP address and port. If you are using SSL, you will want to add no-sslv3 to the end of this line:

frontend name
    bind public_ip:443 ssl crt /path/to/certs no-sslv3

Save and close the file.

You will need to restart the service to implement the changes:

sudo service haproxy restart

OpenVPN VPN Server

Recent versions of OpenVPN actually do not allow SSLv3. The service is not vulnerable to this specific problem, so you will not need to adjust your configuration.

See this post on the OpenVPN forums for more information.

Postfix SMTP Server

If your Postfix configuration is set up to require encryption, it will use a directive called smtpd_tls_mandatory_protocols.

You can find this in the main Postfix configuration file:

sudo nano /etc/postfix/main.cf

For a Postfix server set up to use encryption at all times, you can ensure that SSLv3 and SSLv2 are not accepted by setting this parameter. If you do not force encryption, you do not have to do anything:

smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3

Save your configuration. Restart the service to implement your changes:

sudo service postfix restart

Dovecot IMAP and POP3 Server

In order to disable SSLv3 on a Dovecot server, you will need to adjust a directive called ssl_protocols. Depending on your distributions packaging methods, SSL configurations may be kept in an alternate configuration file.

For most distros, you can adjust this directive by opening this file:

sudo nano /etc/dovecot/conf.d/10-ssl.conf

Inside, if you are using Dovecot 2.1 or higher, set the ssl_protocols directive to disable SSLv2 and SSLv3:

ssl_protocols = !SSLv3 !SSLv2

If you are using a version of Dovecot lower than 2.1, you can set the ssl_cipher_list to disallow SSLv3 like this:

ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!SSLv3

Save and close the file.

Restart the service in order to implement your changes:

sudo service dovecot restart

Further Steps

Along with your server-side applications, you should also update any client applications.

In particular, web browsers may be vulnerable to this issue because of their step-down protocol negotiation. Ensure that your browsers do not allow SSLv3 as an acceptable encryption method. This may be adjustable in the settings or through the installation of an additional plugin or extension.

Conclusion

Due to widespread support for SSLv3, even when stronger encryption is enabled, this vulnerability is far reaching and dangerous. You will need to take measures to protect yourself as both a consumer and provider of any resources that utilize SSL encryption.

Be sure to check out all of your network-accessible services that may leverage SSL/TLS in any form. Often, these applications require explicit instructions to completely disable weaker forms of encryption like SSLv3.

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about us


About the authors

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?
 
10 Comments


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Note to Apache users, check your virtual hosts for any setting to SSLProtocol, as that will override the server wide configuration.

Thank Justin for another excellent tutorial. Did you get your promotion yet because you deserve one.

If someone has not mentioned it already you can go here to https://www.ssllabs.com/ssltest/index.html to test your site to see if the nasty POODLE vulnerability has been removed. Cheers!

Anyone have an idea on how to disable it on Pound Proxy?

I need to get a SSL Grade A test result from SSL Labs.

What should be the possible Ciphers to use?

Could not find file /etc/apache2/mods-enabled/ authz_default.load: No such file…

The file is there in red letters. My site is down. What now?

For haproxy it isn’t necessary to add “no-sslv3” exaclty to the end of line, it works in any part of line after the bind keyword.

Here is the similar guide on how to tackle the SSLv3 Security vulnerability a.k.a. POODLE: http://blog.miteshganatra.com/sslv3-security-vulnerability-a-k-a-poodle/

Here’s a helpful article for securing node.js apps against POODLE attacks: https://chromabits.com/post/poodle-and-nodejs

I don’t use ssl on my server. and all settings for ssl3 are commented out. Do I need to worry about POODLE?

ok, so how to disable sslv3 in dovecot 1.2 (ubuntu 12.04) ?

dovecot ssl_protocols only works in versions +2.1

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel