I had a quick discussion with mdeslaur (security team) on #ubuntu- hardened.
He's not prepared to push changes which just turn SSLv3 off, since that would break clients. But he is prepared to sponsor security patches that add it as an option, so that users can opt to turn SSLv3 off after they've got the security update. ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dovecot in Ubuntu. https://bugs.launchpad.net/bugs/1381537 Title: Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/1381537/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
