Not vulnerable against poodle attacks
A security flaw was published for an old version of the popular internet encryption standard SSL â namely SSLv3. The media has calling this new attack the POODLE attack. SSLv3 is a really old standard and by far not state-of-the-art technology. Newer browsers and mail-clients support the much better modern TLS standard. Due to this situation we have deactivated SSLv3 encryption for all of our mail-servers, yesterday afternoon. Our webservers havenât been serving SSLv3 since February. Thus, our infrastructure is not affected by the recently published SSLv3 attack. Â Update: Weâve have just received notice from Timo Sirainen (the main-developer of Dovecot) that after studying the attack-vector of POODLE problem, that he sees nearly to absolutely no possible approach to use this attack with the POP3 and IMAP protocols.