Removing SSLv3 in Chrome (opens in new tab)

(groups.google.com)

97 pointssilenteh11y ago35 comments

35 comments

Huge props to the Chromium team for doing this; it's an excellent precedent.

SSLv3 is broken, and the only reason it's been so well-supported is that the browsers were unwilling to break web servers; the operators of those servers can't be counted on to fix them, and users direct their ire at the browser vendors. But apparently there's a red line across which the browsers won't make up for broken server configurations, and POODLE crossed it.

aroch11y ago

Just to add, Firefox announced two weeks ago that SSLv3 would be disabled by default in Firefox v34[1], around late November.

[1] https://blog.mozilla.org/security/2014/10/14/the-poodle-atta...

TD-Linux11y ago

It's been turned off in Nightly for a while, and I've noticed several sites broken because of it - most notably, the T-Mobile payment website.

1 more reply

justcommenting11y ago

this is good news--Firefox leaving users vulnerable to well-known attacks by default for just a few months is actually a major improvement (not being sarcastic).

mozilla security engineers have a history of making excuses of the "let's continue doing this incredibly unsafe thing in Firefox in the name of legacy compatibility" variety. i'm thinking of folks like julien vehent & brian smith here, but kudos to the rest of the mozilla security team for finally starting to move beyond the tortured logic of defaults that leave all ff users vulnerable.

1 more reply

yuhong11y ago

It also helps that POODLE is in the news too.

ohyesyodo11y ago

I will say huge props when they actually remove it. Not when they just remove the fallback.

zdw11y ago

Why not go further?

I'd be all for very disturbing warnings for any version of TLS before 1.2, and somewhat scary warnings for low-security or non-PFS operational modes.

Basically, enough so that in a big company corporate would ring up the IT department to "fix the ssl site for giving an error", but not enough so that everyone clicks through the "ignorable warning".

tptacek11y ago

It wouldn't work. Users would see "very disturbing warnings" so often that the warnings would quickly stop disturbing them. Everyone --- everyone --- would blame the browsers, the way 3/4 of HN blamed Firefox when they enabled the fascist warning for self-signed certs (incidentally: a much more severe security problem than POODLE!).

If you want to think about "further", you want to suggest that Chromium disable support for TLS 1.1 and below. Nobody can ignore sites that break because they don't use the most secure variant of TLS. But that's obviously not going to happen.

yuhong11y ago

Yea, it would be likely a couple of years at least before we can disable TLS 1.0.

justcommenting11y ago

this is true, but if opera, firefox, chrome, and internet explorer all agreed to deprecate TLS 1.1 and below together (or at least implement scary warnings), i wonder if sites might respond differently.

it's an ecosystem problem, but also a collective action problem.

d64mdlekma11y ago

The last update to Iceweasel in Debian stable disabled SSLv3 over a week ago. So far I've only encountered one website I frequent that will need intervention, but otherwise it was hardly noticeable.

tshtf11y ago

Microsoft is planning the same: http://azure.microsoft.com/blog/2014/10/29/protecting-agains...

agildehaus11y ago

This link is not specific to what versions of IE this affects. Is it for all their supported versions 9 to 11?

yuhong11y ago

The funny thing is that IE6 is still supported, but only on Server 2003.

atesti11y ago

I have an old raid controller from 3ware. The management software runs on localhost, but for illadvised security reasons forces HTTPS. One day I was not able to connect anymore (with a browser running on that machine!) I had to hunt down an old version of Firefox to still be able to connect.

Therefore it is a bad idea to not provide a fallback. It's good if every login over the internet is proteceted by HTTPS and weak fallbacks are not used. But there are places where security is just irrelevant (like my localhost scenario, or legacy hardware in a trusted local network), where I'd rather have a way of doing a connection with any way possible, no matter how insecure. Old ciphers, old SSL, compatibility hacks etc.

I wish they would keep that code arount and make it possible to connect anyway

cube0011y ago

Keeping code around doesn't come free, it still needs to be maintained, tested, and provides an additional attack vector. You need to draw the line somewhere. As pointed out in the post TLS 1.0 is 15 years old and things are still using SSLv3.

iSnow11y ago

Why not keep a virtual machine frozen at a 2013 OS and browser around?

ck211y ago

Imagine the day researchers announce RC4 has been cracked for sure.

What a nightmare that year is going to be - so many legacy devices.

lnanek211y ago

The only time Chrome's over-zealous security has even shown up for me is when it doesn't let me login to WiFi that requires a login page. Which happens a lot. Oh, and maybe once the site in question had an expired certificate and I had to use another browser to access it. Wonderful.

TD-Linux11y ago

This is a problem on Firefox too now. It is due to the new ability for the browser to remember that pages are HTTPS only. For these routers, I generally use example.com as a non-HTTPS website to hit the login.

pluma11y ago

Have you tried clicking the small "Advanced" link on the error page and then selecting "Go there anyway"?

Doctor_Fegg11y ago

From the thread:

"While we're at it, can we add one of those glorious SSL failure screens to any sites that don't use HTTPS in a future version of Chrome?"

"We are working on something like that, but gentler."

YMMV, but: ugh.

grrowl11y ago

It's a Good Thing. For example, when Google announced they'll rank HTTPS sites slightly higher, CloudFlare announced adding SSL support to their free tier soon after, free certificates continue to be available. We should absolutely be pushing forward with secure and encrypted HTTP everywhere and be making it as easy as possible for developers to get on board.

mcosta11y ago

> encrypted HTTP everywhere

Do you really think everything, everything deserves encrypted comunication? cat photos too?

5 more replies

j / k navigate · click thread line to collapse

35 comments

tptacek11y ago

Huge props to the Chromium team for doing this; it's an excellent precedent.

aroch11y ago

Just to add, Firefox announced two weeks ago that SSLv3 would be disabled by default in Firefox v34[1], around late November.

[1] https://blog.mozilla.org/security/2014/10/14/the-poodle-atta...

TD-Linux11y ago

It's been turned off in Nightly for a while, and I've noticed several sites broken because of it - most notably, the T-Mobile payment website.

1 more reply

justcommenting11y ago

this is good news--Firefox leaving users vulnerable to well-known attacks by default for just a few months is actually a major improvement (not being sarcastic).

1 more reply

yuhong11y ago

It also helps that POODLE is in the news too.

ohyesyodo11y ago

I will say huge props when they actually remove it. Not when they just remove the fallback.

zdw11y ago

Why not go further?

I'd be all for very disturbing warnings for any version of TLS before 1.2, and somewhat scary warnings for low-security or non-PFS operational modes.

Basically, enough so that in a big company corporate would ring up the IT department to "fix the ssl site for giving an error", but not enough so that everyone clicks through the "ignorable warning".

tptacek11y ago

yuhong11y ago

Yea, it would be likely a couple of years at least before we can disable TLS 1.0.

justcommenting11y ago

it's an ecosystem problem, but also a collective action problem.

d64mdlekma11y ago

The last update to Iceweasel in Debian stable disabled SSLv3 over a week ago. So far I've only encountered one website I frequent that will need intervention, but otherwise it was hardly noticeable.

tshtf11y ago

Microsoft is planning the same: http://azure.microsoft.com/blog/2014/10/29/protecting-agains...

agildehaus11y ago

This link is not specific to what versions of IE this affects. Is it for all their supported versions 9 to 11?

yuhong11y ago

The funny thing is that IE6 is still supported, but only on Server 2003.

atesti11y ago

I wish they would keep that code arount and make it possible to connect anyway

cube0011y ago

iSnow11y ago

Why not keep a virtual machine frozen at a 2013 OS and browser around?

ck211y ago