Oracle updates Java to stop SSL-chewing BEAST Firefox developers said Tuesday that they have no plans to keep the browser from working with the Java software framework now that Oracle has released a patch that prevents it from being used to decrypt sensitive web traffic. In a blog post published in late September and updated on Tuesday, Mozilla recommends that Firefox …
IMHO the best way to get everyone upgraded to newer SSL is for all the browsers to use it by default, and throw up a "This site uses an old type of security that may not be secure. Click OK to continue". I suspect that the major websites would get complaints and would update their web servers.
You don't have to completely switch off the older forms of SSL to get people moving over to the newer ones.
Great idea in theory, unworkable in practice for many businesses due to cost. For instance, IIS6 cannot support TLS 1.1 or higher (unless MS decide to release a free patch for schannel to support it which is unlikely), MS would be rubbing their hands in glee as they'll look to businesses to move all those sites to IIS7.5 on Windows 2008 which does support TLS 1.1 and 1.2 already. Add to that the time to test upgrades, migrate applications, provision new hardware, and train staff to support another version of Windows, and it's clear that it's not a small tweak to turn this on. In an ideal world MS would release a patch for schannel on Windows 2003 to add this to IIS6, but I seem to have left my rose-tinted glasses at home.
Moving to open source might help (say using Apache 2 on nix with mod_gnutls, as mod_ssl doesn't support TLS 1.1+ yet), but the cost of moving from Windows to nix might be more than simply going to Windows 2008 - it all depends on the IT dept capabilities and whether applications can be ported. A free OS doesn't mean that there's no cost implications. Moving to Apache on Windows 2003 won't help because the Win32 port uses the Microsoft Crypto API for SSL/TLS support, and that doesn't have TLS1.1+. Catch 22.
Short term making stream ciphers (such as RC4) preferential in the Windows crypto settings, or in the case of Windows 2003 disabled the CBC cyphers (you can't set a preferred order, just enable or disable cyphers individually), eliminates this vulnerability at the server side and doesn't appear to break anything (at least not that I've seen as yet).
"Great idea in theory, unworkable in practice for many businesses due to cost."
Yeah. I expect that's why my bank is using TLS 1.0.
In the short term, *some* businesses might hold back due to cost, but Apache will get there eventually and if MS want to turn basic security into a cash cow then I'm sure their customers will tell them where to stick their upgrade fee. In the absence of end-user awareness, however, I don't see any pressure on web server software vendors.
It doesn't need to claim the sky is falling. As far as I'm aware, if you have no other tabs or browser instances open, and the site itself is clean (which a bank ought to be) then there's no vulnerability. The warning message could therefore suggest this to the end-user as "best practice until we get a proper fix".
Why would adding support for TLS 1.1 or SSL 3.2 break TLS or SSL with older browsers? Is the code so badly written that the only option is an upgrade that removes compatibility with previous versions? If this is the case, then why have these developers not dropped support for 128bit or less (including Null) ciphers?
I think that's just wrong. The problem is that not all browsers support TLS 1.1 ; according to SANS Chrome, Firefox and Safari lacked support at the time of writing.
(http://isc.sans.edu/diary.html?storyid=11629).
Saying it's not hard to negotiate, or display a warning is true but putting the cart before the horse.
Not only do many browsers not support the latest TLS protocols, bur neither do the servers. And upgrading them to capable servers is non-trivial, presenting a chicken/egg problem: providers won't plunk down for the upgrade unless they HAVE to, but without a critical mass of supporting browsers, they won't FEEL they have to.
Updating browsers to support the latest TLS protocols is the obvious first step, then at least the servers currently out there which do support them can start using them. Only when all the main browsers have support can you start expecting it to be viable to update (and potentially enforce) the higher security levels.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
