SSL V3 Poodle : Shell script to verify the server

Copy the script below into a file named poodle.sh.

Run it as:

sh poodle.sh <site>

or,

sh poodle.sh <site>:<port>


#!/bin/sh
help()
{
echo
echo "Usage: "
echo "sh poodle.sh <hostname>:<port>"
echo
echo "Example"
echo "sh poodle.sh google.com:443"
echo "sh poodle.sh symantec.com:443"
exit
}

hostname=$1
if [ $# -ne 1 ]
then
help
elif [ "$hostname" = '-h' ]   # single "=" is the POSIX sh comparison; "==" only works in bash
then
help
fi

# Default to port 443 when no ":<port>" was given
echo "$hostname" | grep ":" >/dev/null
if [ $? -ne 0 ]
then
hostname=$hostname:443
fi

echo "Sending Test request to $hostname....."

echo
echo

# Offer only SSLv3 to the server. OpenSSL reports the handshake result on stderr,
# so stderr must be merged into the captured output: a "2>/dev/null" placed
# outside the backticks discarded exactly the text that grep looks for.
output=$(openssl s_client -connect "$hostname" -ssl3 < /dev/null 2>&1)

echo
echo
echo "Test Complete ....."
echo
echo
# A refused SSLv3 handshake means SSLv3 is off. Any other output, including an
# error from a local openssl built without SSLv3 support, is reported as an
# issue, so confirm such a result by hand before acting on it.
echo "$output" | grep -i "handshake failure" >/dev/null
if [ $? -eq 0 ]
then

echo "Server verified : $hostname"
echo "Wow !! No POODLE issue found "

else

echo "Server checked: $hostname --> Issue exist "
echo "Please disable SSL V3 on the server"

fi



SSLv3 vulnerability: POODLE

POODLE (Padding Oracle On Downgraded Legacy Encryption): this vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding-oracle side-channel attack.

Three Google security researchers discovered the flaw and detailed how it could be exploited through what they called a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack (CVE-2014-3566).

POODLE affects older standards of encryption, specifically Secure Sockets Layer (SSL) version 3. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS).

How to test this against your Server:

openssl s_client -connect <server>:443 -ssl3

If the above command completes a handshake, SSLv3 is enabled on your server.
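The same probe with a three-way verdict, as an added example that is not part of the original post: the script above reports an issue for any output that lacks the handshake-failure string, which also fires when the local openssl was built without SSLv3 support. The OpenSSL message strings matched here are assumptions about what common builds print, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: SSLv3 probe with a three-way
# verdict (enabled / disabled / inconclusive) instead of pass/fail, so a local
# openssl that cannot speak SSLv3 is not reported as a vulnerable server.
# The matched message strings are assumptions about common OpenSSL builds.

# classify_ssl3_output "<combined stdout+stderr of openssl s_client -ssl3>"
# Prints one of: enabled | disabled | inconclusive
classify_ssl3_output() {
    case "$1" in
        *"Protocol  : SSLv3"*)
            echo enabled ;;       # SSL-Session block shows SSLv3 was negotiated
        *"handshake failure"*|*"alert protocol version"*|*"unsupported protocol"*|*"wrong version number"*)
            echo disabled ;;      # server refused the SSLv3-only ClientHello
        *"nknown option"*|*"unrecognized option"*)
            echo inconclusive ;;  # local openssl cannot even send SSLv3
        *)
            echo inconclusive ;;  # connection refused, DNS failure, timeout...
    esac
}

# check_ssl3_host "host[:port]": run the probe, print "target verdict", and
# exit non-zero only when SSLv3 was positively confirmed (cron/CI friendly).
check_ssl3_host() {
    target=$1
    case "$target" in
        *:*) ;;
        *) target="$target:443" ;;   # same default port as the original script
    esac
    out=$(openssl s_client -connect "$target" -ssl3 </dev/null 2>&1)
    verdict=$(classify_ssl3_output "$out")
    echo "$target $verdict"
    [ "$verdict" != enabled ]
}

# Constructed sample outputs for offline testing (not captured from real hosts).
SAMPLE_ACCEPTED='CONNECTED(00000003)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES128-SHA'
SAMPLE_REJECTED='CONNECTED(00000003)
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure'
SAMPLE_NO_SSL3='s_client: Unknown option: -ssl3
s_client: Use -help for summary.'

# Probe a live host only when one is given on the command line.
if [ -n "$1" ]; then check_ssl3_host "$1"; fi
```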

Script @ https://troubleshootblog.com/2014/10/20/ssl-v3-poodle-shell-script-to-verify-the-server/

To fix this, disable SSLv3 on your server.

How to fix this on Apache:

> SSLProtocol All -SSLv2 -SSLv3                   <- Removes SSLv2 and SSLv3 from Config

> service apache restart                          <- Restart server