13 Jul
2015
13 Jul
'15
10:41 a.m.
On Mon, Jul 13, 2015 at 10:16:36AM +0100, Michael Stevens wrote:
Has anyone got any recommendations for webmail
software? I've been using
prayer (http://www-uxsup.csx.cam.ac.uk/~dpc22/prayer/) but it seems to
be vulnerable to POODLE and unlikely to get patched
This suggests that POODLE was actually patched:
https://bugs.launchpad.net/ubuntu/+source/prayer/1.3.5-dfsg1-3
I'm not familiar with Prayer, so I might be missing something. However,
POODLE isn't too a big deal and, realistically, only affects HTTPS
anyway (not STARTTLS). And seeing as POODLE uses Apache for its web
interface you should be able to disable SSL 3.0 in there.
Martijn.
PS I know that doesn't answer your question, for which I apologise.