Maybe you've heard about HEARTBLEED or SHELLSHOCK. POODLE is the next one.

Anyone using Windows Server and IIS was lucky enough to avoid both HEARTBLEED (openssl library vulnerability - CVE-2014-0160) and SHELLSHOCK (unix bash shell vulnerability - CVE-2014-6271). However, POODLE hits everyone.

What is POODLE?

POODLE, spelled in caps to distinguish from our furry canine friends, stands for "Padding Oracle On Downgraded Legacy Encryption". It is a type of man-in-the-middle exploit whereby an attacker can force a client connection to fallback to a vulnerable version of the HTTPS protocol, SSL v3.0. This particular type of attack is different from both HEARTBLEED and SHELLSHOCK in the sense that it is not caused by a bug in implementation, but it is a flaw in the protocol design. That means that it is unpatchable. Any type of patch would break compatibility with standard SSL v3.0 clients.

How do I protect myself against POODLE attacks?

Luckily, the vulnerable SSL v3.0 protocol has been around for ages and is now superceded by better, more robust protocols. The best way to protect your applications would be to disable vulnerable protocols, and using TLS (ideally v1.2) instead. Unless your clients are different, it is safe to disable these old protocols as most clients already support TLS. According to this study, 98.7% of clients already support TLS.

Am I vulnerable?

This is your first step: checking. Even if you fix it, you need to verify it, so having a reliable checking mechanism is imperative. I recommend POODLE Scan Testing tool - https://www.poodlescan.com. Drop your URL in the textbox and go. Obviously, if your app is not on HTTPS, it is not vulnerable to this particular type of attack.

If your application is private (not accessible from a public site), you can use openssl (get it from here) to attempt to connect to your service using SSL v3, like so:

openssl s_client -connect www.myserver.com:443 -ssl3

If SSL v3 is disabled, you will get the following error (ssl handshake failure).

How to disable old versions of SSL?

Once you know that SSL v2 or v3 are enabled on your server, you need to disable them. Unfortunately, there is no in-built way how to disable SSL protocols in IIS. You need to do this the old-fashioned way, through the registry.

Create a new batch file (poodle.bat) and paste the following lines to the file:

REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client" /v Enabled /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56" /v Enabled /t REG_DWORD /d 00000000 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128" /v Enabled /t REG_DWORD /d 00000000 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128" /v Enabled /t REG_DWORD /d 00000000 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128" /v Enabled /t REG_DWORD /d 00000000 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128" /v Enabled /t REG_DWORD /d 00000000 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128" /v Enabled /t REG_DWORD /d 00000000 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128" /v Enabled /t REG_DWORD /d 00000000 /f

Running the above batch file on the affected server will disable obsolete weak protocols, including SSL v3. You may need to restart the server to apply the changes. Once the server is up and running again, re-check using the POODLE Scan Testing tool. Always remember to do this on your test/staging servers BEFORE applying it on your live servers!

You can also create the registry entries using powershell: http://azure.microsoft.com/blog/2014/10/19/how-to-disable-ssl-3-0-in-azure-websites-roles-and-virtual-machines/

What about Azure Paas Cloud Services?

To ensure all your Paas VMs are automatically protected, you will need to create a startup task to run the poodle.bat on every VM startup.

To do this, just grab the poodle.bat file you created earlier and add it to your Cloud Project in Visual Studio as a resource. Once done, edit the ServiceDefinition.csdef to add it as a startup task. Make sure you set the executionContext to 'elevated' for administrator access. Something like this:

<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="myCloudService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2014-06.2.4">
  <WebRole name="MyWeb" vmsize="Small">
    ...
    <Startup>
      <Task commandLine="..\poodle.bat" executionContext="elevated" />
    </Startup>
  </WebRole>
</ServiceDefinition>

What about Azure Web Sites?

Microsoft has promised to disable SSL v3 on all Azure Web Sites. Official quote from http://azure.microsoft.com/blog/2014/10/19/how-to-disable-ssl-3-0-in-azure-websites-roles-and-virtual-machines/

"Azure Websites will disable SSL 3.0 for all sites by default to protect our customers from the vulnerability mentioned before. We are rolling out the changes across our data-centers and monitoring traffic in the process. The changes will be rolling out through the week of Monday October 27th, 2014. Once this is complete, customers will no longer need to take any action to disable SSL 3.0 in Azure Websites and should have protection by default."

Once all this is done, POODLE would have virtually killed off SSL v3. I'm positive that it's for the best!

UPDATE 31st Oct 2014

Google plans to disable fallback to SSL 3.0 in Chrome 39, and remove SSL 3.0 completely in Chrome 40