$ nmap -sV --script ssl-poodle -p 465 <domain>
Starting Nmap 6.40 ( http://nmap.org )
PORT STATE SERVICE VERSION
465/tcp open smtps?
| ssl-poodle:
| VULNERABLE:
| SSL POODLE information leak
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2014-3566 OSVDB:113251
| Description:
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
| other products, uses nondeterministic CBC padding, which makes it easier
| for man-in-the-middle attackers to obtain cleartext data via a
| padding-oracle attack, aka the "POODLE" issue.
| Disclosure date: 2014-10-14
| Check results:
| TLS_RSA_WITH_AES_128_CBC_SHA
| TLS_FALLBACK_SCSV properly implemented
| References:
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
| http://osvdb.org/113251
| https://www.imperialviolet.org/2014/10/14/poodle.html
|_ https://www.openssl.org/~bodo/ssl-poodle.pdf
Solution is to disable SSLv3 via Exim's tls_require_ciphers parameter.
Solution is to disable SSLv3 via Exim's
tls_require_ciphersparameter.