Opera vs Poodle flaw

  • Moderator

    Hi, Opera 12.x (clean profile) is shown as "not vulnerable" to Poodle attack by the site https://www.poodletest.com/ SSLv3 is enabled by default in Opera 12.16 but after the test done, SSLv3 is automatically disabled. Can someone (Yngve ?) explain the behavior ? Thanks :) Attachments: [img]https://forum.vivaldi.net/uploads/attachments/475/op12poodletest.jpeg[/img]

  • Vivaldi Team

    Opera 12 is actually partially resistant to the Poodle attack.

    For Opera 12 to be able to resist the attack the server have to be patched for the TLS Renego vulnerability, and have to support at least TLS 1.0. When the server has this patch, which is deployed by more than 80% of servers, Opera 12 will refuse to perform a version rollback (The poodle attack require that the client have established an SSL v3 connection) and rather fail the connection if it can't connect signaling its highest enabled SSL/TLS version. The background is included in this article.

    Opera 12 is still vulnerable if you manually disable TLS 1.x in the browser, or the server only support SSL v3, as in these cases SSL v3 is the only possible protocol version that can be negotiated, or if the the server is not patched for the Renego problem, in which case a version rollback will work. It's been almost two years since I last looked at the relevant code, so I am no longer sure about the details, but Opera 12 might be able to to resist the rollback part of the attack if you have visited the site in the past 30 days, since Opera 12 also stores the previously negotiated TLS version of the server, and IIRC will refuse to rollback if it can't negotiate that version while the cached info is valid.

    Essentially, the only way to block the attack is to disable SSLv3, or be able to detect or prevent a version rollback attack. Opera 12 is able to prevent a rollback attack under certain conditions.

    One of the suggested countermeasures is to rely on a version rollback detection system, and a standardized system for that is currently being completed in the IETF TLS WG. This system is different from the one Opera 12 is using, and it requires that both browsers and servers be updated, and the server update requirement is one the reasons I don't like the approach, as this will leave clients and services vulnerable for many years (5+) to come.

    Quite frankly, in my opinion the best way for browsers to counteract this problem is to remove support for SSL v3 completely. That may initially break some sites (less than 1%) that only support SSL v3, but those sites are likely running software (inlcuding the OS) that is 15-18 years old, and have probably not been updated since, and it would surprise me if those sites are in any way secure.

  • Moderator

    Thanks you so much for a such precise and fast answer !

  • @ra-mon: Thank you for the question.
    @yngve: Thank you for the answer.

    Much appreciated. :)


    Finally, Opera 12 is taking the lead with disabling SSLv3 support! Since we are not able to apply the countermeasure to all of the remaining Opera 12 installations (and it also does not support TLS_FALLBACK_SCSV), we have remotely turned off SSLv3. This will be automatically distributed to all Opera 12 installations in the next few days. We’re allowing ourselves to be a bit experimental with this, so users who have not yet upgraded to Opera 25 may see more of the broken servers.

    Source: http://blogs.opera.com/security/2014/10/security-changes-opera-25-poodle-attacks/

    Mozilla will disable SSLv3 too.
    Source: https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

    Both articles provide additional information.

  • But I have seen on this site than Vivaldi yes for "vulnerable for poodle attack " True ?

Log in to reply

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.