Disabling SSLv3 protocol
sca at andreasschulze.de
Wed Nov 12 07:54:19 UTC 2014
> ... I don't think SSLv3 is especially exploitable with IMAP/POP3 protocols.
It's well known SSLv3 *is* a problem for HTTP, we assume, it isn't for
Administrators, also responsible for putting new paper in the printer,
may not have the skill to distinguish in that detail. They see the
panic in HTTP and see no action on other Application. What do they
On the other side:
If we consequently disable the broken protocol they /may/ see
"Ah, SSLv3 REALLY seem to be broken, the experts disable it here and
there and over there, too"
The attention is much higher.
More information about the dovecot