That shot you heard? SSLv3 is now DEAD

[Batu69]

It's joined the choir invisible

We really, really, really mean it this time: take SSL3 and bury it.

That's the message from the home of all things Internet the Internet Engineering Task Force, which has issued the “take it behind the shed” edict in this RFC.

It's actually only formalising what the IETF and industry already knew: SSLv3 is ancient and insecure, and is the source of problems like BEAST and POODLE.

Major vendors have been expunging the buggy kludge from their code since last year, but RFC 7568 makes killing it off official IETF policy.

It had already signalled its intent in May, and the new document should only affect the handful of terminally-dozy sysadmins who haven't already patched their systems.

“Pragmatically, clients MUST NOT send a ClientHello with ClientHello.client_version set to {03,00}. Similarly, servers MUST NOT send a ServerHello with ServerHello.server_version set to {03,00}. Any party receiving a Hello message with the protocol version set to {03,00} MUST respond with a "protocol_version" alert message and close the connection.”

The RFC also provides a nice, single source record of what's gone wrong with the protocol in nearly-two-decades of life.

The record layer (where POODLE hit) is broken and can't be fixed; its key exchange is vulnerable during renegotiation or session resumption, and can't be fixed; all of its crypto primitives rely on the deprecated SHA-1; and it can't take advantage of security features added to recent versions of TLS.

Farewell, SSLv3, we hope forever.

Source