

How POODLE Happened - dfranke
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html

======
spindritf
If I disable everything except TLS 1.2 in nginx, how much breakage should I
expect? Has anyone tried?

The latest stable Fx and Chrome, including mobile, will still work, right?
What about various web services like rss readers or the google bot?

~~~
blinkingled
I wish there was an easy way to log what version of SSL/TLS the client used
and with what ciphers for all mainstream web servers. Then you could just run a
script on it and see how many would break. Could be useful for other things
too.

~~~
wahnfrieden
%sslc in haproxy I think
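
Added example, not part of the thread: a sketch of the "run a script on it" idea above, counting which logged clients would be cut off if only TLS 1.2 stayed enabled. The log layout (combined format with the protocol and cipher appended, as nginx's `$ssl_protocol` and `$ssl_cipher` would produce), the sample lines and the `summarize` name are assumptions.

```python
import re
from collections import Counter

# Assumed layout (not from the thread): combined log format with the
# negotiated protocol and cipher appended as the last two fields, as
# nginx's $ssl_protocol and $ssl_cipher variables would produce.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" '
    r'"(?P<ua>[^"]*)" (?P<proto>\S+) (?P<cipher>\S+)$'
)

# Constructed sample lines (documentation-range addresses, made-up clients).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Oct/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Firefox/33.0" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
192.0.2.11 - - [15/Oct/2014:10:00:02 +0000] "GET /feed HTTP/1.1" 200 2048 "-" "ExampleFeedReader/1.0" TLSv1 AES128-SHA
192.0.2.12 - - [15/Oct/2014:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0)" SSLv3 RC4-SHA
192.0.2.13 - - [15/Oct/2014:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Chrome/38.0" TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
192.0.2.11 - - [15/Oct/2014:10:05:02 +0000] "GET /feed HTTP/1.1" 304 0 "-" "ExampleFeedReader/1.0" TLSv1 AES128-SHA
192.0.2.14 - - [15/Oct/2014:10:06:00 +0000] "GET / HTTP/1.1" 301 0 "-" "curl/7.38.0" - -
this line is truncated garbage
"""


def summarize(log_text, allowed=("TLSv1.2",)):
    """Tally negotiated protocols and the clients a protocol cut would drop.

    Returns (by_proto, would_break, unparsed): connections per protocol,
    connections per (user agent, protocol, cipher) outside `allowed`, and
    the number of lines that did not match the assumed layout.
    """
    by_proto, would_break, unparsed = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            unparsed += 1
            continue
        if m["proto"] == "-":  # plaintext request, no TLS session to count
            continue
        by_proto[m["proto"]] += 1
        if m["proto"] not in allowed:
            would_break[(m["ua"], m["proto"], m["cipher"])] += 1
    return by_proto, would_break, unparsed


if __name__ == "__main__":
    protos, breaking, bad = summarize(SAMPLE_LOG)
    print("connections by protocol:", dict(protos))
    for (ua, proto, cipher), n in breaking.most_common():
        print(f"{n:4d}  {proto:8s} {cipher:12s} {ua}")
    print("unparsed lines:", bad)
```

The log only records handshakes that succeeded, so clients already failing to connect do not appear in the tally.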

------
baby
Really great explanation. As I asked there, I don't see how it can be used if
we don't know how long the padding is.

One idea would be to try to change the ciphertext so it would produce an entire
padding block (and then it would be easy to test if it is indeed an entire
block of padding just by tampering it without modifying the last byte and it
would still be accepted).

I guess someone here could answer my question?

~~~
sdevlin
One of the requirements for the attack is partial plaintext control. This is
feasible if you're running malicious JavaScript in the user's browser.

So what you do is generate an HTTP request that, taken together with the SSL
MAC, will align on a block boundary. Then you're guaranteed to have one full
block of padding.

It might sound difficult to pull this off with multiple unknowns (other
cookies, user agent string, etc.), but in practice it would be easy. You could
make sure things line up correctly just by incrementing your packet length by
one byte at a time until you see the record size jump by a block.

