31 Oct 2014, 9:02 p.m.
We turned off SSLv3 support on our POP/IMAP server running dovecot on Oct 16th. We did check that all users were using TLSv1, and there have been no complaints (except one old Windows Phone).
But at 13:00 UTC today, suddenly strange entries are seen in the logfile: Error: SSL: Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message: SSL alert number 10
Followed by: pop3-login: Disconnected (no auth attempts in 2 secs) user=<>, rip=
Some 20 IPs have been seen so far; all IPs are unique and none have used our server lately. Just one resolved, and its name ends in .cn; some lookups with whois lead to the same origin for all.
This makes me anxious that someone has made some POODLE-like thing for POP3?
hmk
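
One way to tally the pattern described above, added here as an example and not part of the original post: it counts, per remote IP, the no-auth disconnects that directly follow the SSL alert, then drops addresses that have also logged in successfully. The syslog prefix, the shape of the successful-login line, the function names and all addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Substrings taken from the two messages quoted in the post.
SSL_ALERT = re.compile(r"SSL3_READ_BYTES:sslv3 alert unexpected message")
NO_AUTH = re.compile(r"pop3-login: Disconnected \(no auth attempts[^)]*\).*?rip=([0-9A-Fa-f.:]+)")
# Assumed shape of a successful-login line; adjust to your own log format.
LOGIN = re.compile(r"-login: Login: user=<[^>]+>.*?rip=([0-9A-Fa-f.:]+)")

def failed_handshake_sources(lines):
    """Per remote IP, count no-auth disconnects that directly follow the SSL alert."""
    hits, alert_pending = Counter(), False
    for line in lines:
        if SSL_ALERT.search(line):
            alert_pending = True
            continue
        m = NO_AUTH.search(line)
        if m and alert_pending:
            hits[m.group(1)] += 1
        alert_pending = False  # only an immediately preceding alert counts
    return hits

def known_clients(lines):
    """IPs that completed at least one authenticated login."""
    return {m.group(1) for m in map(LOGIN.search, lines) if m}

def unfamiliar_sources(lines):
    """Failed-handshake sources that never logged in successfully."""
    known = known_clients(lines)
    return sorted(ip for ip in failed_handshake_sources(lines) if ip not in known)

# Constructed sample: timestamps, host name and addresses (RFC 5737 ranges) are invented.
ALERT = ("Oct 31 13:00:0{} mail dovecot: pop3-login: Error: SSL: Stacked error: "
         "error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message: "
         "SSL alert number 10")
DROP = ("Oct 31 13:00:0{} mail dovecot: pop3-login: Disconnected "
        "(no auth attempts in 2 secs) user=<>, rip={}")
SAMPLE_LOG = [
    "Oct 31 12:58:11 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.5",
    ALERT.format(1), DROP.format(3, "192.0.2.10"),
    ALERT.format(4), DROP.format(6, "198.51.100.7"),
    DROP.format(7, "203.0.113.5"),                   # idle client, no SSL alert before it
    ALERT.format(8), DROP.format(9, "192.0.2.10"),
    ALERT.format(9), DROP.format(9, "203.0.113.5"),  # known client with a failing device
]
if __name__ == "__main__":
    print("never authenticated:", unfamiliar_sources(SAMPLE_LOG))
```

Separating sources that never authenticated from known clients keeps a legitimate user with an SSLv3-only device, like the old phone mentioned in the post, out of the list of unfamiliar addresses.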