As with all security technologies, there are attempts to break or circumvent SSL. On multiple occasions, efforts have been made to find weaknesses in the SSL protocol. Alongside new threats, successive and effective sets of algorithms and security measures continue to emerge. However, it is worth knowing what types of attacks can be aimed at the SSL protocol and how to protect against them.
Poodle
Poodle (Padding Oracle On Downgraded Legacy Encryption) appeared in October 2014. This form of attack exploits servers using SSL version 3.0 for compatibility with older systems. The attacker’s goal is to get between the server and the victim and then downgrade the connection to SSL 3.0. The vulnerability is present in Cipher Block Chaining (CBC) mode, which allows a block cipher to encrypt content of virtually unlimited length. However, the output data must in its entirety be a multiple of the block size, and it consists of fields linked together: in addition to the plaintext, these are the message authentication code (MAC) and the padding bytes needed to fill the block. The MAC is calculated based on the plaintext and includes some additional information, for instance the message’s sequence number.
SSL Stripping
The SSL Stripping technique downgrades an HTTPS connection secured by an SSL certificate to plain HTTP. In this type of attack, success also depends on intercepting the victim’s network traffic. The traffic may pass entirely through the attacker’s computer, which also serves as a proxy server. This process generates a certificate error and encrypts the intercepted traffic. For example, when a bank’s website is typed into the address bar, the server’s response is awaited not only by the user but also by the attacker’s machine connected to the browser. The victim’s request is passed on by the attacker, while the bank still recognizes the connection as secure. The server responds with an HTTPS login page, which the attacker modifies to the HTTP protocol. From that point on, the victim’s requests are transmitted in plaintext, giving the attacker the ability to read all credentials. No errors appear in the browser, so the user remains unaware of the attack. However, SSL Stripping is relatively easy to detect – one only needs to notice that the connection to the trusted site is no longer encrypted.
Freak
Regulations for exporting complex cryptographic systems were introduced by the US government in the 1990s. They set a limit on RSA key strength, which for all exported SSL implementations was a maximum of 512 bits. These regulations were abolished in 2000, allowing browsers to use more secure SSL certificates. It was only in 2015 that it was discovered that older versions of the encryption could still be used. Servers that support such versions are vulnerable to attacks that downgrade the connection to much weaker encryption algorithms. With today’s computing power, these keys can be broken within a few hours. Although many years have passed since the restrictions were lifted, even after the vulnerability was discovered, up to 10% of the one million most frequently visited websites continued to support export ciphers. Therefore, to protect yourself from Freak attacks, you should use the latest version of the SSL protocol. Threat detection must also take place throughout the entire infrastructure of the secured service.
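As an added example (not part of the original article), the following Python sketch shows how infrastructure-wide detection of Poodle and Freak exposure could work on the output of a TLS scanner. The inventory format, the host names and the two classification rules are assumptions made for the illustration; the cipher suite names are the standard IANA names.

```python
from typing import NamedTuple

# Constructed scan inventory (hosts and results are invented for the example).
INVENTORY = {
    "legacy.example.test": {
        "protocols": ["SSLv3", "TLSv1.0"],
        "ciphers": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                    "TLS_RSA_EXPORT_WITH_RC4_40_MD5"],
    },
    "mail.example.test": {
        "protocols": ["TLSv1.0", "TLSv1.2"],
        "ciphers": ["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
                    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    },
    "www.example.test": {
        "protocols": ["TLSv1.2", "TLSv1.3"],
        "ciphers": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                    "TLS_AES_128_GCM_SHA256"],
    },
}

class Finding(NamedTuple):
    host: str
    attack: str
    evidence: tuple

def audit_host(host, scan):
    """Return the downgrade exposures visible in one host's scan result."""
    findings = []
    ciphers = scan["ciphers"]
    # Poodle: SSL 3.0 must be negotiable together with a CBC-mode suite.
    cbc = tuple(c for c in ciphers if "_CBC_" in c)
    if "SSLv3" in scan["protocols"] and cbc:
        findings.append(Finding(host, "POODLE", ("SSLv3",) + cbc))
    # Freak: the server accepts RSA key exchange with export-grade keys.
    export_rsa = tuple(c for c in ciphers if c.startswith("TLS_RSA_EXPORT_"))
    if export_rsa:
        findings.append(Finding(host, "FREAK", export_rsa))
    return findings

def audit(inventory):
    """Audit every host: one weak endpoint is enough for a downgrade."""
    return [f for host, scan in sorted(inventory.items())
            for f in audit_host(host, scan)]

if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f.host}: {f.attack} exposure via {', '.join(f.evidence)}")
```

A host appears in the report as soon as the weak protocol or suite is merely offered, because a downgrade only needs the server to accept it, not to prefer it.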