A security flaw was published for an old version of the popular internet encryption standard SSL – namely SSLv3. The media is calling this new attack the POODLE attack.
SSLv3 is a really old standard and far from state-of-the-art technology. Newer browsers and mail clients support the much better, modern TLS standard.
For this reason, we deactivated SSLv3 encryption on all of our mail servers yesterday afternoon. Our web servers haven’t been serving SSLv3 since February.
Thus, our infrastructure is not affected by the recently published SSLv3 attack.
Update: We have just received notice from Timo Sirainen (the main developer of Dovecot) that, after studying the attack vector of the POODLE problem, he sees next to no, or absolutely no, possible way to use this attack with the POP3 and IMAP protocols.