Downgrade attack

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

A downgrade attack is a form of attack on a computer system or communications protocol that makes it abandon a high-quality mode of operation (e.g. an encrypted connection) in favor of an older, lower-quality mode of operation (e.g. clear text) that is typically provided for backward compatibility with older systems. An example of such a flaw was found in OpenSSL that allowed the attacker to negotiate the use of a lower version of TLS between the client and server.[1] This is one of the most common types of downgrade attacks. Another example is intercepting web traffic and redirecting the user from the secure, HTTPS version of a website to an unencrypted HTTP version.

Downgrade attacks are often implemented as part of a man-in-the-middle attack, and may be used as a way of enabling a cryptographic attack that might not be possible otherwise. Downgrade attacks have been a consistent problem with the SSL/TLS family of protocols; examples of such attacks include the POODLE attack.

Removing backward compatibility is often the only way to prevent downgrade attacks. However, sometimes the client and server can recognize each other as up-to-date in a manner that prevents them. For example, if a Web server and user agent both implement HTTP Strict Transport Security and the user agent knows this of the server (either by having previously accessed it over HTTPS, or because it is on an "HSTS preload list"[2][3][4]), then the user agent will refuse to access the site over vanilla HTTP, even if a malicious router represents it and the server to each other as not being HTTPS-capable.


  1. ^ Praetorian. "Man-in-the-Middle TLS Protocol Downgrade Attack". Praetorian. Retrieved 2016-04-13. 
  2. ^ Adam Langley (8 July 2010). "Strict Transport Security". The Chromium Projects. Retrieved 22 July 2010. 
  3. ^ David Keeler (1 November 2012). "Preloading HSTS". Mozilla Security Blog. Retrieved 6 February 2014. 
  4. ^ Bell, Mike; Walp, David (February 16, 2015). "HTTP Strict Transport Security comes to Internet Explorer". Retrieved 16 February 2015.