Edward Snowden’s disclosures provided proof that some of the Internet eavesdropping attacks long theorized in the security community were likely to be already widely used by governments worldwide. This led to a significantly increased level of interest in finding and closing vulnerabilities in the Internet’s encryption infrastructure. This Google blog post discloses the most recent discovery: POODLE. It’s best to read the Google Researchers’ paper for full details but the essence of the vulnerability is as follows:
Very old versions of the SSL protocol (SSL 3.0 aka SSLv3) were found some time ago to have weaknesses that could be exploited by someone with the capability to intercept and modify traffic between client and server (details in CVE-2014-3566). Typically this “someone” would be a government agency but it could be an ISP or in theory even your local coffee shop if you use their WiFi hotspot.
Suspected or known weaknesses have existed in SSLv3 for years and newer protocols (TLS 1.0 then TLS 1.1 and 1.2) were developed with the intention that they would supersede it. However because it takes years to roll out new encryption protocols across all the computers, phones and servers on the Internet were given a mechanism that allows client and server to negotiate which protocol to use. The idea being that an older client would select SSLv3 while a newer one would select TLS 1.x. This turns out to lead to a way to exploit the POODLE vulnerability even when using modern TLS1.x-capable systems because although today (more than 10 years later) there is no good reason to use SSLv3, the code that allows protocol negotiation is still present in most browsers and servers. An attacker with network level access can modify packets as they cross the Internet and thereby trick that negotiation mechanism into selecting SSLv3. Once that has been done the same attacker can capture the encrypted data and use the weaknesses in SSLv3 encryption to break it, giving them the original plain text.
The upshot is that this long-unneeded capability to fall back to the SSLv3 protocol exposes the potential to allow widespread eavesdropping on the Internet for those who are able to gain access to the network itself. The obvious and quickest fix is to discontinue all use of SSLv3. Accordingly since last night NuevaSync’s servers no longer will provide SSLv3 support.
All computers, web browsers and phones made in the last 10 years will be unaffected by this change. There is a very small chance that extremely old devices that only have SSLv3 support are still in use. There is also a theoretical possibility of an IMAP server belonging to one of our users does not support TLS. We think it is highly unlikely that discontinuing support for SSLv3 will have any affect on any of our users but don’t hesitate to contact the support team (via the support page in our Control Panel site) if you think it is possible you’re seeing an SSL-related problem especially if it was first seen today.