Zitat von Geoff Winkless <cyrus@xxxxxxxx>:
Genuine question: is it shown that POODLE impacts on IMAPS? I don't see how POODLE could affect an IMAPS session, since it only works if you can MITM a non-SSL session on the user's browser and force it to request the same target page over and over. Cheers Geoff
As said i'm still reading on the details, so thanks for the pointer. Nonetheless it might be time to give up on SSLv3 because of protocol design errors/weakness. Unfortunately it looks like Cyrus can not disable SSLv3 protocol without disabling ciphers also used in TLSv1.x, no?
Regards Andreas
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
