I've noticed a few of my favorite websites failing with some odd error
from Firefox.

The Firefox error message is a bit misleading. It actually has nothing to
do with the website supporting SSL 3.0 but the advanced info is spot on.
The error "ssl_error_no_cypher_overlap" means that the client didn't
offer any ciphers that the server also supports. Generally when I see
this I assume that the server has been set up poorly and only supports
unsafe ciphers. In this case the website only supports the RC4 cipher. I
wondered why I was starting to see a reversal of removing RC4 from so
many websites recently (especially since RC4 is very weak and is on the
way out).
Apparently these websites all use the F5 load balancer that had a bad
implementation of the TLS 1.0 standard causing a POODLE-like
vulnerability.

Stepping back for a moment, back in October the POODLE vulnerability hit
the streets and a mass exodus from SSL 3.0 happened around the world. I
was happy to see so many people running away from the broken
cryptographic protocol and very happy to see the big push to implement
the latest version of TLS, TLS 1.2. So with SSL 3.0 out of the way and
the POODLE vulnerability being squelched, why are we seeing problems in
TLS 1.0 now? Well, simply put, F5 load balancers don't implement TLS 1.0
correctly.

The problem with SSL 3.0 is that the padding format isn't checked.
Apparently in the F5 devices it's still a problem in TLS 1.0. And while
the company did offer up patches to fix the issue, some really bad advice
has been circulating the Internetz telling people to only support RC4,
again. Sigh.
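
To make the padding point concrete, here is an added sketch (not from the original post, and not F5's or any TLS library's code) of the two CBC padding rules applied to an already-decrypted record. The 16-byte block size, the function names and the sample records are assumptions constructed for the illustration.

```python
import hmac

BLOCK = 16  # assumed CBC block size (AES) for this sketch


def sslv3_style_padding_ok(plaintext: bytes) -> bool:
    """SSL 3.0 rule: only the final length byte is meaningful.

    The padding bytes in front of it may hold anything, so a receiver
    cannot tell whether they were altered in transit.
    """
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    # SSL 3.0 pads minimally, so padding plus length byte fits one block.
    return pad_len < BLOCK and pad_len + 1 <= len(plaintext)


def tls_padding_ok(plaintext: bytes) -> bool:
    """TLS 1.0 and later: every padding byte must equal the length byte."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    padding = plaintext[-(pad_len + 1):]
    expected = bytes([pad_len]) * (pad_len + 1)
    # compare_digest does not stop at the first mismatching byte. A real
    # TLS stack must also make the length handling and the MAC check
    # constant time; this sketch does not attempt that.
    return hmac.compare_digest(padding, expected)


# Constructed sample records: 16 bytes of data, a 20-byte placeholder
# where the MAC would sit, then 12 bytes of padding (pad_len = 11).
DATA = b"GET / HTTP/1.1\r\n"
FAKE_MAC = b"\x00" * 20
WELL_FORMED = DATA + FAKE_MAC + b"\x0b" * 12
ARBITRARY_PAD = DATA + FAKE_MAC + b"\xaa" * 11 + b"\x0b"

if __name__ == "__main__":
    for name, rec in (("well-formed", WELL_FORMED),
                      ("arbitrary padding", ARBITRARY_PAD)):
        print(f"{name}: sslv3-style={sslv3_style_padding_ok(rec)} "
              f"tls={tls_padding_ok(rec)}")
```

A TLS 1.0 endpoint that accepts the second record is applying the SSL 3.0 rule, which is the behaviour the patches address; switching to RC4 only sidesteps CBC and does not fix the check.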
When RC4 finally dies a fiery death I'll likely throw a party. I'm sure
I won't be the only one...