
How does POODLE affect TLS 1.0/1.1?

Question asked by smaug on Mar 7, 2015
Latest reply on Mar 8, 2015 by Adm Selec

Hi

 

Based on "POODLE has now been extended to certain TLS 1.0 and TLS 1.1 implementations."

 

What are these TLS 1.0 and TLS 1.1 implementations that are infected with the POODLE vulnerability?

 

Are these implementations related to the use of CBC with TLS 1.0 and TLS 1.1?

 

I was unable to determine this from the Labs results.

 

Thank you.

 

 

---------------------------------

 

 

 

https://www.ssllabs.com/ssltest/analyze.html?d=sbisec.co.jp

 

 

Protocols

TLS 1.2 Yes

TLS 1.1 No

TLS 1.0 Yes

SSL 3   INSECURE Yes

SSL 2 No

 

 

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)

TLS_RSA_WITH_RC4_128_MD5 (0x4)   WEAK 128

TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK 128

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256

 

https://www.ssllabs.com/ssltest/analyze.html?d=kpn.com

 

 

Protocols

TLS 1.2 No

TLS 1.1 No

TLS 1.0 Yes

SSL 3 No

SSL 2 N

 

 

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)

 

 

 

https://www.ssllabs.com/ssltest/analyze.html?d=sslweb.ramsellcorp.com

 

 

Protocols

TLS 1.2 No

TLS 1.1 No

TLS 1.0 Yes

SSL 3   INSECURE Yes

SSL 2 No

 

 

Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)

TLS_RSA_WITH_RC4_128_SHA (0x5)   WEAK 128

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
