Delivery-Date: Wed, 15 Oct 2014 03:21:22 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id D57171E105C;
	Wed, 15 Oct 2014 03:21:20 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 2A10E314E6;
	Wed, 15 Oct 2014 07:21:16 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 832DB314E4
 for <tor-talk@lists.torproject.org>; Wed, 15 Oct 2014 07:21:13 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 8MOu1Yb4O4Vc for <tor-talk@lists.torproject.org>;
 Wed, 15 Oct 2014 07:21:13 +0000 (UTC)
Received: from mail-wg0-x22c.google.com (mail-wg0-x22c.google.com
 [IPv6:2a00:1450:400c:c00::22c])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 40B44314E3
 for <tor-talk@lists.torproject.org>; Wed, 15 Oct 2014 07:21:13 +0000 (UTC)
Received: by mail-wg0-f44.google.com with SMTP id y10so632334wgg.15
 for <tor-talk@lists.torproject.org>; Wed, 15 Oct 2014 00:21:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=from:date:to:subject:message-id:references:mime-version
 :content-type:content-disposition:in-reply-to:user-agent;
 bh=3dt9lry+zLOyKExSwoJgVatqTBpWL31xvkDJ/rWgdf8=;
 b=XvlmNXiH3OxgQwajnreXLktz1NDDqHdxDY01Tt/agw409+qehlQcdxopYyBv9/ydaZ
 QH4Lub3hoXXf5Bj4DCuZcpSKUGSpKbNWyCx8BB1Z5miQ2n/OzeofoyEDf9xxdZA2qIUV
 HGvDqFLoIUmc98NFvEtAdB9Bx/YJFv208kSVy0AKOf/IgvMBsPuAn0tgEiYePUAhztBS
 cS52Y4S3p4/xjJiZjy/oprCo/M5T+A0VUF1diNhL42l/8svewji8AfgYJNrrzKjCbDLr
 Q69xuO+a6ENOTomvT9iL7x9h048YfMlkNwdnPFyAR1FSltYioBUE/b/qu6REARXoZbzb
 l4pQ==
X-Received: by 10.194.57.210 with SMTP id k18mr1126644wjq.110.1413357670283;
 Wed, 15 Oct 2014 00:21:10 -0700 (PDT)
Received: from localhost (worf.pulsedmedia.com. [195.154.226.66])
 by mx.google.com with ESMTPSA id fm10sm10571168wib.21.2014.10.15.00.21.07
 for <tor-talk@lists.torproject.org>
 (version=TLSv1.2 cipher=RC4-SHA bits=128/128);
 Wed, 15 Oct 2014 00:21:09 -0700 (PDT)
From: Matthew Finkel <matthew.finkel@gmail.com>
X-Google-Original-From: Matthew Finkel <Matthew.Finkel@gmail.com>
Date: Wed, 15 Oct 2014 07:21:00 +0000
To: tor-talk@lists.torproject.org
Message-ID: <20141015072057.GA15352@localhost>
References: <CAKDKvuyutPgxnLJyMeznMM9Uq6ow=aKLg6=1Q6qk8y0yT2mf3Q@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAKDKvuyutPgxnLJyMeznMM9Uq6ow=aKLg6=1Q6qk8y0yT2mf3Q@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Tue, Oct 14, 2014 at 10:15:26PM -0400, Nick Mathewson wrote:
> Hi!  It's a new month, so that means there's a new attack on TLS.
> 
> This time, the attack is that many clients, when they find a server
> that doesn't support TLS, will downgrade to the ancient SSLv3.  And
> SSLv3 is subject to a new padding oracle attack.
> 
> There is a readable summary of the issue at
> https://www.imperialviolet.org/2014/10/14/poodle.html .
> 
> Tor itself is not affected: all released versions for a long time have
> shipped with TLSv1 enabled, and we have never had a fallback mechanism
> to SSLv3. Furthermore, Tor does not send the same secret encrypted in
> the same way in multiple connection attempts, so even if you could
> make Tor fall back to SSLv3, a padding oracle attack probably wouldn't
> help very much.
> 
> TorBrowser, on the other hand, does have the same default fallback
> mechanisms as Firefox.  I expect and hope the TorBrowser team will be
> releasing a new version soon with SSLv3 enabled.  But in the meantime,
> I think you can disable SSLv3 yourself by changing the value of the
> "security.tls.version.min" preference to 1.
>
> Obviously, this isn't a convenient way to do this; if you are
> uncertain of your ability to do so, waiting for an upgrade might be a
> good move.  In the meantime, if you have serious security requirements
> and you cannot disable SSLv3, it might be a good idea to avoid using
> the Internet for a week or two while this all shakes out.

Thanks Nick. Interestingly, but mostly uselessly for us, Mozilla
published an extension[0] that does this. Unfortunately they say it
only works on >= FF26 (without tweaking it) and Tor Browser 3.6 is
based on FF24.

For what it's worth, the extension[0] should work with the new Tor
Browser 4.0, but this is untested.

If you do make this config change, when you visit a site that only
supports SSLv3 or downgrades to it, you should receive a message that
says:

    Cannot communicate securely with peer: no common encryption algorithm(s).

    (Error code: ssl_error_no_cypher_overlap)


For those wondering, this works exactly the same on Tails (1.1.2), too.
(and yes, they spelled it "cypher").


I'm also curious what Mike, Georg, and the other TB Devs think. It
looks we need to wait until November when SSL will be disabled in
mainline Firefox[1].


[0] https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
[1] https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

> 
> best wishes to other residents of interesting times,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

