I had a quick discussion with mdeslaur (security team) on #ubuntu- hardened.
He's not prepared to push changes which just turn SSLv3 off, since that would break clients. But he is prepared to sponsor security patches that add it as an option, so that users can opt to turn SSLv3 off after they've got the security update. ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1381537 Title: Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1381537/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
