Protecting against Security Vulnerabilities in SSL Version 2

SSL (Secure Sockets Layer) is a protocol developed by Netscape for secure (encrypted and possibly authenticated) data transmission over the Internet. It is mainly used by Secure-HTTP (HTTPS), in order to protect the privacy and provide authentication for HTTP transactions.

SSLv2 contains some security flaws in its design, making it susceptible to attacks allowing an attack to disrupt or eavesdrop on the private communication offered by SSL. These include:

Same cryptographic keys are used for message authentication and encryption, which means that in some cases (where export grade 40 bit keys were used), the Message Authentication Code (MAC) was weak and could be broken by attackers

SSLv2 lacks protection in the handshake process so a man-in-the-middle (MITM) attack cannot be detected. A MITM attack allows an attacker to situate himself between the client and the server and pretend to be the client as far as the server is concerned, and the server – as far as the client is concerned.

SSLv2 used the TCP connection closure to signal the end of data. An attacker could forge this signal to force a recipient to end data transmission.

Users of VPN-1 NG with Application Intelligence R55, R55W and VPN-1 NGX R60 who have applied the solution outlined below will identify the following SmartView Tracker log entries:

Information: Not allowed SSL version

Users of VPN-1 NG with Application Intelligence R55 & R55W and users of VPN-1 NGX R60 can force the use of SSLv3 in HTTPS transaction by placing the service ssl_v3 in the Firewall rule base and install policy on all modules.