The POODLE attack involves a downgrade attack to SSL 3.0 and a subsequent attack against the SSL 3.0 protocol itself. For more information, see:
To protect against this attack, it is recommended that you disable SSL 3.0 for all services and clients using SSL/TLS.
You must be running IMail version 12.3 or newer. If you are running an older version you will need to upgrade to one of these versions.
Following these instructions may present compatibility problems for users on old platforms and browsers, where there is no support for TLS 1.0 or higher.It is recommended that you test these configuration changes and carefully monitor the production system after making any changes, so that you are prepared to handle any impacts.
Disabling SSLv3 for IMail services (SMTP, POP3, IMAP4)
Note: This step is only required if you have SSL/TLS enabled for the IMail Services.
Disabling SSLv3 for IMail WorkgroupShare service:
- Open Regedit
- Navigate to HKLM\Software\Wow6432Node\Ipswitch\IMail\SSL (HKLM\Software\Ipswitch\IMail\SSL on a 32 bit OS)
- If DisableSslV3_0 does not exist, add a new "DWord (32 bit) Value and name it DisableSslV3_0
- Set the value of DisableSslV3_0 to 1
- Restart SMTP, Queue Manager, POP3, and IMap4 Services in IMail
Note: This step is only required if you use the Workgroupshare service to synchronize collaboration data to Microsoft Outlook and have SSL enabled as a connection option.
Disabling SSLv3 for IMail Web Mail, EAS,and Web Admin
- Download the appropriate zip file for the version of IMail that you are running:
- Ensure DisableSslV3_0 is set to 1 as noted above.
- Stop the WorkgroupShare service.
- Rename the following files in ...\IMail\Workgroupshare
- Unzip the new files into the WorkgroupShare folder
- Restart the Workgroupshare service.
Note: This step is only required if you use the IMail Web Mail, EAS or Web Admin web services and have secure connections enabled within IIS.
- Open Notepad.exe
- Copy the following text into Notepad
Windows Registry Editor Version 5.00
- File > Save, then select All Files from the Type drop-down, and save the file with a name like DisableSSLv3.reg making sure it has a .reg extension.
- Double-click the reg file you just saved and click Yes to import it into the registry.
- Reboot Server.