Martijn van Oosterhout <kleptog@svana.org> writes:
> Dag-Erling Smørgrav <des@des.no> writes:
> > If I understand correctly, imaps has been shown to be vulnerable as
> > well, so I wouldn't be so sure.
> Reference?
Sorry, no reference. I was told that Thunderbird was vulnerable to
POODLE when talking imaps.
> Since you can already specify the cipher list, couldn't you just add
> -SSLv3 to the cipher list and be done?
I didn't want to change the existing behavior; all I wanted was to give
users a way to do so if they wish.
DES
--
Dag-Erling Smørgrav - des@des.no