If the NIST curves are weak in a way that we don't understand, this
means that ECC has properties that we don't understand.
Thus, if you don't trust the NIST Prime curves, does it make sense to
trust any ECC curves at all?
All maths has properties we do not understand.
the question is not
https://www.openssl.org/~bodo/ssl-poodle.pdf
SSL 3.0 [RFC6101] is an obsolete and insecure protocol. While for most
practical purposes it has been replaced by its successors TLS 1.0
[RFC2246], TLS 1.1 [RFC4346], and TLS 1.2 [RFC5246], many TLS
implementations remain backwardscompatible with SSL