Poodle Attack in Actix with Jwt Tokens

The Poodle attack (Padding Oracle On Downgraded Legacy Encryption) targets systems that negotiate SSL 3.0 or accept fallback to it. When an Actix web service uses TLS but permits SSL 3.0 fallback, an attacker who can intercept or downgrade the connection may exploit the padding validation oracle to decrypt captured ciphertext. If JWT tokens are transmitted over such a downgrade channel, their confidentiality and integrity can be compromised even when the application itself performs cryptographic operations correctly.

In an Actix-based API that relies on JWT tokens for authorization, the risk arises when the deployment stack (load balancer, reverse proxy, or server TLS configuration) allows SSL 3.0. An attacker can force a session to use SSL 3.0 and iteratively query the server to learn whether padding is valid, eventually recovering the plaintext JWT. Even if the Actix application validates signatures and checks claims, a decrypted JWT handed to the server can be accepted if the transport is downgraded, bypassing intended protections. This is a transport-layer weakness that surfaces as a finding in the Encryption and Data Exposure checks when middleBrick scans the endpoint.

middleBrick tests the unauthenticated attack surface and flags scenarios where SSL 3.0 is negotiable or where TLS configurations permit legacy protocols. The scanner does not fix the configuration, but its findings include prioritized remediation guidance mapped to frameworks such as OWASP API Top 10 and relevant compliance regimes. The presence of JWT tokens in requests and responses is also monitored; if tokens are exposed due to weak transport security, the scan highlights the Data Exposure and Encryption categories with severity ratings and specific guidance.

Remediation centers on ensuring TLS configurations prohibit SSL 3.0 and enforce strong protocols and ciphers, while keeping JWT handling robust in Actix. The application code should continue to validate JWT signatures and claims, but transport security must be hardened so that tokens cannot be recovered via padding oracle attacks.

Below are concrete Actix examples that demonstrate secure configuration and JWT validation. The first snippet shows how to set a strict TLS acceptor that disables SSL 3.0 and weak ciphers. The second shows JWT validation using the jsonwebtoken crate, ensuring tokens are verified before access to protected routes.

// Cargo.toml dependencies
// actix-web = "4"
// actix-rt = "2"
// openssl = "0.10"
// jsonwebtoken = "9"
// serde = { version = "1.0", features = ["derive"] }

use actix_web::{web, App, HttpServer, HttpResponse, HttpRequest};
use actix_web::http::header::CONTENT_TYPE;
use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod, SslVerifyMode};
use jsonwebtoken::{decode, Algorithm, DecodingKey, Validation, TokenData};
use serde::{Deserialize, Serialize};

#[derive(Debug, Serialize, Deserialize)]
struct Claims {
    sub: String,
    company: String,
    exp: usize,
}

async fn validate_jwt(bearer: Option) -> Result, &'static str> {
    let token = match bearer {
        Some(b) => b.strip_prefix("Bearer ").ok_or("Invalid auth format")?,
        None => return Err("Missing Authorization header")?,
    };
    let validation = Validation::new(Algorithm::RS256);
    let decoded = decode::(
        token,
        &DecodingKey::from_rsa_pem(include_bytes!("public_key.pem"))
            .map_err(|_| "Invalid key")?,
        &validation,
    );
    decoded.map_err(|_| "Invalid token")
}

async fn protected_route(req: HttpRequest) -> HttpResponse {
    match validate_jwt(req.headers().get("Authorization").map(|v| v.to_str().unwrap_or("").to_string())) {
        Ok(token_data) => HttpResponse::Ok()
            .content_type(CONTENT_TYPE.parse().unwrap())
            .body(format!("Hello, {}", token_data.claims.sub)),
        Err(e) => HttpResponse::Unauthorized()
            .content_type(CONTENT_TYPE.parse().unwrap())
            .body(e.to_string()),
    }
}

fn create_ssl_acceptor() -> SslAcceptor {
    let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).expect("SSL builder failed");
    // Explicitly disable SSL 3.0 to prevent Poodle
    builder.set_options(openssl::ssl::SslOptions::NO_SSLV3);
    // Use strong ciphers and prefer server cipher order
    builder.set_cipher_list("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK").expect("Bad cipher list");
    builder.set_private_key_file("key.pem", SslFiletype::PEM).expect("Failed to load private key");
    builder.set_certificate_chain_file("cert.pem").expect("Failed to load certificate");
    builder.build()
}

#[actix_web::main]
async fn main() -> std::io::Result<()> {
    let ssl_builder = create_ssl_acceptor();
    HttpServer::new(move || {
        App::new()
            .wrap(actix_web::middlebox::Logger::default())
            .service(web::resource("/api/hello").route(web::get().to(protected_route)))
    })
    .bind_openssl("127.0.0.1:8443", ssl_builder)?
    .run()
    .await
}

Key points in the remediation:

• Disable SSL 3.0 with SslOptions::NO_SSLV3 to remove the protocol that enables Poodle.
• Use strong cipher suites and prefer server order to avoid negotiated weaknesses.
• Always validate JWT signatures with a strong algorithm (e.g., RS256) and check expiration and issuer claims.
• Serve tokens only over enforced TLS, ensuring that encryption checks in the scan remain green.

After applying these changes, rerun the middleBrick scan to confirm that the Encryption and SSL/TLS findings are resolved and that JWT-related endpoints are not flagged for insecure transport.