Hi,
I turned off SSLv3 support yesterday, but not because of the poodle attack.
Not directly, at least.
That attack depends on making a client log in thousands of times, and the
attacker must control the number of bytes before the password. Neither of
those is possible against any SMTP, IMAP and POP client (library) I know.
But poodle means that the last remnants of SSLv3 support in client
libraries is likely to be disabled in the near future, which makes it safe
to disable SSLv3 in servers. So I did.
Arnt
