Comments on: POODLE and the TLS_FALLBACK_SCSV Remedy http://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/ IT security tools, techniques and commentary Sun, 07 Sep 2025 03:12:25 +0000 hourly 1 http://wordpress.org/?v=3.6.1 By: Jerome http://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/#comment-5328 Jerome Thu, 13 Aug 2015 08:53:23 +0000 http://www.exploresecurity.com/?p=277#comment-5328 Before any data is sent, the client and server negotiate which cipher suite to use (as well as other parameters) before exchanging key material in such a way that they both end up with the same set of symmetric secrets, which a network man-in-the-middle can’t determine. At this point, the two endpoints check to see that the handshake hasn’t been tampered with by essentially hashing the previous Handshake* messages, which has encryption and integrity checking applied. Both the client and the server does this so, using their newly derived secrets, they can verify these Finished messages from each other, and thus they can be confident that the handshake has been negotiated without any funny business. In this way the handshake is protected.

* there is a specific set of Handshake messages (consult the RFC): other non-handshake messages may have been transmitted but won’t be included in the making of the Finished message. The most “famous” exception is the ChangeCipherSpec (CCS) message, which precedes the Finished message. This is why the OpenSSL CCS vulnerability (CVE-2014-0224) could be exploited, as the attacker’s CCS messages are not included in the handshake verification.

]]> By: alex http://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/#comment-5263 alex Sat, 08 Aug 2015 21:51:33 +0000 http://www.exploresecurity.com/?p=277#comment-5263 > Remember, the attacker can’t remove the TLS_FALLBACK_SCSV from the Client Hello because the handshake is cryptographically protected

Could you explain by what means it is protected? There is now signature over Cipher Suites in Client Hello.

]]> By: Jerome http://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/#comment-2996 Jerome Sun, 30 Nov 2014 22:36:10 +0000 http://www.exploresecurity.com/?p=277#comment-2996 Organisations might well have disabled SSLv3 (and v2) but IE8 supports TLSv1.0 by default so there’s no obvious reason why that browser wouldn’t connect. Test the domain you’re trying to connect to at SSL Labs and see which protocols it supports. Also check the “handshake simulation” section and see what it reports for IE8 under XP.

]]> By: Rich http://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/#comment-2907 Rich Tue, 25 Nov 2014 02:33:42 +0000 http://www.exploresecurity.com/?p=277#comment-2907 Hi I am trying to open my cragslist account and I cant access the page. I would like to know If I should play with my ssl2 and3 settings or if I should get windows 8 ? I`m running xp home sp2 ie8 seems like the poodle problem thanks for any feed back richardpelzer@netzero.net

]]> By: Darren Sandford http://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/#comment-2401 Darren Sandford Wed, 22 Oct 2014 13:54:48 +0000 http://www.exploresecurity.com/?p=277#comment-2401 Thanks! This is the clearest description of how TLS_FALLBACK_SCSV works, and more importantly it’s intention! Much appreciated!

]]> By: What is POODLE and how to detect it | serializethoughts http://www.exploresecurity.com/poodle-and-the-tls_fallback_scsv-remedy/#comment-2358 What is POODLE and how to detect it | serializethoughts Sun, 19 Oct 2014 04:19:02 +0000 http://www.exploresecurity.com/?p=277#comment-2358 […] then this attack can be carried out. To further read about TLS_FALLBACK_SCSV, you can visit here  and RFC […]

]]>