Microsoft has released an advisory pointing out the potential information disclosure risk in SSL/TLS that exists when CBC mode is used in combination with AES. As a workaround, Microsoft suggests switching to stream encryption via RC4, an algorithm that is not vulnerable to the recently disclosed "chosen-plaintext" attack. The vendor has released instructions on how to do so.

To use RC4, the instructions advise administrators to move such cipher suites as TLS_RSA_WITH_RC4_128_MD5 to the top of the cipher suite list so that they are suggested to the client first. However, whether the client will accept these suites is a different matter. Microsoft therefore recommends switching to TLS 1.1.

For this purpose, the vendor has released two fix-it tools that enable TLS 1.1 in Internet Explorer and on Windows servers. Only TLS 1.0 is enabled by default, although programs such as Internet Explorer do support TLS 1.1 and TLS 1.2. In Internet Explorer, these options can also be enabled or disabled without a fix-it tool under Internet Options/Advanced. Manual configuration on Windows servers is slightly more involved because certain secure channel (schannel) keys must be modified in the Registry, so the fix-it tool is probably the preferable option there.
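The server-side registry change the article refers to, as an added example (not the article's text or Microsoft's fix-it code): the script audits the schannel protocol keys and enables TLS 1.1 for both client and server sides. The registry path and the Enabled/DisabledByDefault values are the documented schannel settings; the function names are my own.

```powershell
# Added example: audit and enable TLS 1.1 in schannel through the registry
# keys Microsoft's fix-it modifies. Run from an elevated prompt; schannel
# reads these keys at boot, so a reboot is required afterwards.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param([string[]]$Protocols = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocols) {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path $base "$p\$side"
            $enabled = $null; $disabledByDefault = $null
            if (Test-Path $key) {
                $props = Get-ItemProperty -Path $key
                $enabled = $props.Enabled
                $disabledByDefault = $props.DisabledByDefault
            }
            [pscustomobject]@{
                Protocol          = $p
                Side              = $side
                KeyPresent        = (Test-Path $key)
                Enabled           = $enabled            # $null = OS default applies
                DisabledByDefault = $disabledByDefault  # $null = OS default applies
            }
        }
    }
}

function Enable-SchannelTls11 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($side in 'Client', 'Server') {
        $key = Join-Path $base "TLS 1.1\$side"
        if ($PSCmdlet.ShouldProcess($key, 'Enable TLS 1.1')) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # Enabled=1 switches the protocol on; DisabledByDefault=0 lets
            # applications that do not request a specific protocol negotiate it.
            New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value 1 -Force | Out-Null
            New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }
}

# Show the current state, then preview the change; drop -WhatIf to apply it.
Get-SchannelProtocolState | Format-Table -AutoSize
Enable-SchannelTls11 -WhatIf
```

Check the audit output again after the reboot; a key that is present with Enabled=0 still disables the protocol regardless of the client list order.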

The Firefox developers are discussing how best to solve the problem without impacting web server compatibility. However, they have been discussing it since the end of June. At that time, Thai Duong had already pointed out to Dan Veditz the imminent problem and how the vulnerability could be exploited via web sockets and Java applets. Firefox currently only supports TLS 1.0.

(ehe)