Citing the long history of weaknesses in the Secure Sockets Layer (SSL) 3.0 protocol and in the RC4 stream cipher, Google plans to disable support for both SSLv3 and RC4 on its front-end servers.
In a post on its official security blog, the search giant said it intends to phase out SSLv3 and RC4 on all of its front-end servers and, eventually, in all of its software, including Chrome, Android, its web crawlers and its email servers.
The move came as no surprise: the Internet Engineering Task Force (IETF) has already declared both insecure, prohibiting RC4 cipher suites in TLS (RFC 7465) and deprecating SSLv3 outright (RFC 7568).
What are the Problems?
SSLv3, superseded by TLS 1.0 some 16 years ago, has a long history of security problems, BEAST among them; the most recent is POODLE (Padding Oracle On Downgraded Legacy Encryption), which lets a network attacker recover plaintext, such as session cookies, from an encrypted connection.
The IETF formally deprecated SSLv3 in a Standards Track document published three months ago (RFC 7568), calling it "not sufficiently secure" and prohibiting any fallback to SSLv3 in new applications.
RC4 (Rivest Cipher 4) is a 28-year-old stream cipher that, by some estimates, still protects about 50% of all TLS traffic.
RC4 has been attacked repeatedly over the years, and some of those attacks led to TLS session compromise and cookie decryption.
More recently, two Belgian security researchers (Mathy Vanhoef and Frank Piessens, in the work known as RC4 NOMORE) demonstrated a more practical attack on RC4 that recovers encrypted data in far less time than was previously possible.
What can You do About This?
The best fix for these problems is simply to disable SSLv3 and RC4, and that is what Google will be doing.
Google will gradually turn off SSLv3 and RC4 on its front-end servers and across all of its products, including Chrome, Android and its email servers.
The company is also publishing new recommended minimum TLS standards for the future, so that websites and TLS clients can move to safer protocols over time.
Because many embedded systems and other client applications that connect to Google's services cannot easily be upgraded to newer crypto protocols, Google recommends that new devices and apps adopt the following:
- TLS (Transport Layer Security) 1.2 must be supported.
- A Server Name Indication (SNI) extension must be included in the handshake and must contain the domain being connected to.
- The cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ECDHE-RSA-AES128-GCM-SHA256 in OpenSSL's naming) must be supported, with the P-256 curve and uncompressed points.
- At least the certificates in 'https://pki.google.com/roots.pem' must be trusted.
- Certificate handling must support DNS Subject Alternative Names (SANs), and those SANs may include a single wildcard as the left-most label in the name (so *.google.com matches mail.google.com but not a.b.google.com or google.com).
Devices and apps that do not meet these requirements will not stop working any time soon, but they may be affected by changes made over the years through 2020, notes Adam Langley, a security engineer at Google.
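The following is an added example, not code from Google or from the original post, showing what the client-side minimums above look like in Python's standard ssl module: a context pinned to TLS 1.2 or newer that offers the required ECDHE/AES-GCM suite, a DNS SAN matcher implementing the single left-most-label wildcard rule, and a check that flags a finished handshake on SSLv3 or RC4. The certificate dict, hostnames and the decision to refuse '*.tld' patterns are constructed for illustration and are not from the page; passing the real roots.pem path as ca_file is left to the reader.

```python
import ssl

# Names as they appear in the requirement list and in OpenSSL's cipher table.
MIN_TLS_VERSION = ssl.TLSVersion.TLSv1_2
REQUIRED_SUITE_IANA = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
REQUIRED_SUITE_OPENSSL = "ECDHE-RSA-AES128-GCM-SHA256"  # same suite, OpenSSL naming


def make_min_tls_client_context(ca_file=None):
    """Client context meeting the listed minimums: TLS 1.2 or newer, the required
    ECDHE/AES-GCM suite, mandatory certificate and hostname verification.
    ca_file is optional here only so the example runs offline (assumption); in a
    real client point it at the downloaded roots.pem so those roots are trusted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = MIN_TLS_VERSION          # refuses SSLv3, TLS 1.0 and 1.1 outright
    ctx.set_ciphers(REQUIRED_SUITE_OPENSSL)        # TLS 1.2 offer is exactly the required suite
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def context_offers(ctx, openssl_name):
    """True if the context will offer the named cipher suite in its ClientHello."""
    return any(c["name"] == openssl_name for c in ctx.get_ciphers())


def negotiated_ok(protocol, cipher):
    """Judge a finished handshake from ssl_sock.version() and ssl_sock.cipher()[0]:
    anything on SSLv3, and any suite using RC4, fails the minimum described above."""
    if protocol == "SSLv3":
        return False
    return "RC4" not in cipher.upper()


def san_matches(hostname, san):
    """DNS SAN matching per the rule in the list above: an exact label-for-label
    match, or a single '*' that is the entire left-most label and stands for
    exactly one label. Case-insensitive; a trailing dot is ignored."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if "*" not in san:
        return host == pat
    # The wildcard must be the whole first label and appear nowhere else.
    # Refusing '*.tld' patterns (len(pat) < 3) is an extra conservative check
    # added here as an assumption; the page does not state it.
    if pat[0] != "*" or any("*" in label for label in pat[1:]) or len(pat) < 3:
        return False
    return len(host) == len(pat) and host[0] != "" and host[1:] == pat[1:]


def cert_matches_host(cert, hostname):
    """cert is in the dict shape returned by SSLSocket.getpeercert(). Only DNS
    SANs are consulted; the Common Name is ignored, as modern verifiers do."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(san_matches(hostname, san) for san in sans)


# Constructed sample in getpeercert() shape (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.mail.example.com")),
}


if __name__ == "__main__":
    ctx = make_min_tls_client_context()
    print("offers", REQUIRED_SUITE_IANA, "->", context_offers(ctx, REQUIRED_SUITE_OPENSSL))
    for host in ("www.example.com", "imap.mail.example.com",
                 "a.b.mail.example.com", "mail.example.com"):
        print(host, "->", cert_matches_host(SAMPLE_CERT, host))
    for proto, suite in (("SSLv3", "AES128-SHA"),
                         ("TLSv1.2", "ECDHE-RSA-RC4-SHA"),
                         ("TLSv1.2", REQUIRED_SUITE_OPENSSL)):
        print(proto, suite, "->", negotiated_ok(proto, suite))
    # Against a live server (needs network), wrap a connected TCP socket with
    # ctx.wrap_socket(sock, server_hostname="www.google.com"): server_hostname is
    # what puts the required SNI extension in the ClientHello and drives the
    # hostname check, and ssl_sock.version() / ssl_sock.cipher() feed negotiated_ok().
```

Two points worth noting: PROTOCOL_TLS_CLIENT already turns on certificate and hostname verification, so the context only has to add the version floor, the suite and the trust store; and the SAN matcher deliberately treats a '*' anywhere other than the whole first label as a non-match rather than as a literal character, which is the safer failure mode when a certificate is malformed.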