IBM And ISVs Fight POODLE Vulnerability In SSL 3.0
November 10, 2014 Alex Woodie
IBM is among the software vendors working to issue patches to address the newly discovered POODLE attack, which exploits a vulnerability in SSL 3.0 to overcome encryption and view actual content. IBM has issued a patch for Domino and is currently working on a patch for WebSphere Application Server for IBM i. IBM i ISVs are also responding to the new threat.
The POODLE attack, which stands for “Padding Oracle On Downgraded Legacy Encryption,” was first described in September by a group of Google researchers. When the attack is successfully executed, a perpetrator needs to make just 256 SSL 3.0 requests to reveal one byte of an encrypted message.
While the POODLE attack is not considered as serious as the Heartbleed or Shellshock vulnerabilities that rocked the cybersecurity world earlier this year, it is nevertheless a critical problem because it basically renders SSL 3.0 worthless from a security point of view. The problem is, many Web applications revert back to SSL 3.0 as the default. While TLS 1.x is more secure than SSL 3.0, the interoperability of SSL 3.0 makes it a popular choice among developers. (TLS is short for Transport Layer Security and is the new name of SSL to avoid a possible trademark issue with Netscape, the original commercializer of the Web browser. TLS 1.0 is equivalent to SSL 3.1.)
IBM addressed the POODLE problem in its various products. It issued a security bulletin for WebSphere Application Server, which uses SSL 3.0 by default. The associated patches disable SSL 3.0. It also issued a security bulletin for the Apache-based HTTP Server, where SSL 3.0 is enabled by default. IBM recommends disabling SSL 3.0 in all instances of the Apache Web server, including those on IBM i, z/OS, AIX, Linux, Windows, and Solaris.
All versions of WebSphere are also vulnerable, including WebSphere Application Server for IBM i. IBM hasn’t yet delivered an update for this product or the IBM Developer Kit for Java, which is where the underlying encryption protocol changes need to be made. IBM says to check the Java on IBM i webpage for news of the patch.
On November 3, IBM issued an interim fix for Domino, which is also susceptible to the POODLE attack. The Domino fix disables SSL 3.0 and adds support for TLS 1.0. It supports all platforms, IBM says, including “iSeries running System SSL.” IBM Connections, the business social media software, is also vulnerable, since it uses the HTTP Server as well. You can read more about this at the IBM Connections website.
Other IBM i applications are also affected by this vulnerability. Third-party software vendors have been free to use IBM’s System SSL facility (which supports SSL as well as TLS) to encrypt communications on the platforms. Most, if not all, file transfer and 5250 emulators have used SSL at some point. However, most vendors have since moved toward using the Secure Shell (SSH) method of communication as a replacement for SSL.
Linoma Software addressed the POODLE vulnerability and its impact by issuing a patch for its GoAnywhere managed file transfer (MFT) products. The patch can disable SSL 3.0 entirely, which the company recommends while acknowledging that it may disrupt communications. “SSLv3 encryption,” the company writes on its website, “while significantly dated, is still widely used throughout the world.” Alternatively, the patch can disable just the CBC cipher algorithms that are at the heart of the problems in SSL 3.0.
At the very least, IBM i shops will want to disable any and all instances of SSL 3.0 running on their systems. Companies that have upgraded to the latest release of the OS, IBM i 7.2, will get this automatically. With IBM i 7.2, IBM supports TLS 1.1 and TLS 1.2 by default, and disables SSL 3.0 by default.
IBM i added support for TLS 1.1 and TLS 1.2 in early 2013 with IBM i 7.1 Technology Refresh 6, when it was already clear that SSL 3.0 was on its way out and TLS would soon be a requirement. TLS 1.1 has been available on the platform since OS/400 V4R5 was released in the early days of the millennium.
Back in 2013, IBM i chief architect Steve Will explained that IBM was aware of changes taking place with the SSL/TLS protocols, especially SSL 3.0, which has been in use for well over a decade. “Many institutions are saying, if I’m going to allow SSL, I want it to have the stronger hashing technique in order to be able to protect my data better when it’s flowing across an SSL encrypted line,” he told IT Jungle at the time.