Linux – Poodle: Is disabling SSL V3 on server really a solution


I've been reading all day about the Poodle vulnerability and I am a bit confused now about Security vs. Revenue.

If I disable SSL V3 on the server (SSL V2 and V3 will both be disabled for Apache), clients (browsers) that don't support any protocol but SSL V3 will not be able to connect over HTTPS to the server.

So it's a situation where both client and server must communicate with TLS 1.1, 1.2 and so on.

If any of them uses SSL V3 and the other does not support lower versions, then what happens?
No connection to SSL.

I've seen a few updates made to Firefox; perhaps they have disabled SSL V3 in those, which is what we usually have to do in options. This will force all connections to lower versions and TLS.

But is disabling SSL V3 really a solution for this problem?

Best Answer

First, let's clear things up a bit:

  • TLS superseded SSL. TLS 1.0 came after and is an update to SSL 3.0.

    TLS 1.2 > TLS 1.1 > TLS 1.0 > SSL 3.0 > SSL 2.0 > SSL 1.0

  • SSL versions prior to 3.0 have had known severe security vulnerabilities for a while and are disabled/not supported by modern clients and servers. SSL 3.0 will likely go the same way soon.

  • Of currently-used protocols, "Poodle" most severely affects SSL 3.0, where there is no way to mitigate. There is a similar attack against some TLS 1.0 and 1.1 implementations that the spec allows - make sure your software is up to date.


Now, the reason "Poodle" is a risk even with modern clients and servers is due to clients' implementation of a fallback mechanism. Not all servers will support the latest versions, so clients will try each version in order from most to least recent (TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0) until they find one that the server supports. This happens before encrypted communication begins, so a man-in-the-middle (MITM) attacker is able to force the browser to fall back to an older version even if the server supports a higher one. This is known as a protocol downgrade attack.

Specifically, in the case of "Poodle", as long as both the client and server support SSL 3.0, a MITM attacker is able to force the use of this protocol.

So when you disable SSL 3.0, this has two effects:

  • Clients that support higher versions cannot be tricked into falling back to the vulnerable version (TLS Fallback SCSV is a new proposed mechanism to prevent a protocol downgrade attack, but not all clients and servers support it yet). This is the reason you want to disable SSL 3.0. The vast majority of your clients likely fall into this category, and this is beneficial.

  • Clients that do not support TLS at all (as others have mentioned, IE6 on XP is pretty much the only one still used for HTTPS) will not be able to connect through an encrypted connection at all. This is likely a minor portion of your userbase, and it's not worth sacrificing the security of the majority who are up-to-date to cater to this minority.
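
The fallback behaviour described in the answer above, modelled as a toy simulation (an added example, not part of the original answer). No real TLS is spoken; the function names, the `mitm` flag and the one-version-per-attempt simplification are assumptions of the model.

```python
# Added example: a toy model of the client "fallback dance". Each attempt
# offers a single version, as the answer describes; real clients offer a
# maximum version and retry with a lower one when the handshake fails.
VERSIONS = ["TLS 1.2", "TLS 1.1", "TLS 1.0", "SSL 3.0"]  # most to least recent


def server_accepts(server_versions, offered, is_marked_retry, server_scsv):
    """Server side of one handshake attempt at version `offered`."""
    if offered not in server_versions:
        return False
    # TLS Fallback SCSV: the client marks its retries, and a server that
    # supports something newer than the offered version refuses the attempt.
    best = min(server_versions, key=VERSIONS.index)
    if server_scsv and is_marked_retry and VERSIONS.index(best) < VERSIONS.index(offered):
        return False
    return True


def connect(client_versions, server_versions, mitm=False,
            client_scsv=False, server_scsv=False):
    """Return the negotiated version, or None if no connection is possible.

    With mitm=True an on-path party breaks every attempt above SSL 3.0; the
    client cannot tell this apart from an old, version-intolerant server.
    """
    ordered = sorted(client_versions, key=VERSIONS.index)
    for attempt, offered in enumerate(ordered):
        if mitm and offered != "SSL 3.0":
            continue  # attempt lost in transit, client retries one version lower
        marked = client_scsv and attempt > 0
        if server_accepts(server_versions, offered, marked, server_scsv):
            return offered
    return None


if __name__ == "__main__":
    modern, no_ssl3, ie6_like = VERSIONS, VERSIONS[:3], ["SSL 3.0"]
    print("both support SSL 3.0, MITM :", connect(modern, modern, mitm=True))
    print("server disabled SSL 3.0    :", connect(modern, no_ssl3, mitm=True))
    print("SSL 3.0-only client        :", connect(ie6_like, no_ssl3))
    print("SCSV on both sides, MITM   :",
          connect(modern, modern, mitm=True, client_scsv=True, server_scsv=True))
```

With SSL 3.0 disabled on the server, the interfered-with connection fails outright instead of silently landing on SSL 3.0, which is the trade the answer describes.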
