I use a commercial email service that provides IMAP over SSL on port 993 and SMT
Question
I use a commercial email service that provides IMAP over SSL on port 993 and SMTP over SSL on port 465. I currently connect to their servers with Thunderbird and Apple's iOS 8 email client.
Could these connections be vulnerable to POODLE? My impression is that the SSL connection negotiated on these ports might be SSLv3.0. I turned on connection logging in Thunderbird but it does not report the protocol versions. How can I determine the SSL version used for these connections?
My email service also provides regular IMAP on 143 and SMTP on 587 (and other ports). If I force my clients to use STARTTLS, the same question arises about the protocol that is used.
Explanation / Answer
Have a look at https://ssl-tools.net/mailservers. There you can get information about the mail server, including its support for SSL 3.0. But please note that POODLE is about a specific attack pattern which uses a design flaw in SSL 3.0 and which works fine with HTTP to steal session cookies. While it is good to disable SSL 3.0 completely, the idea of POODLE cannot easily be applied to attack the IMAP, POP3 or SMTP protocols to steal the login credentials. This does not mean that these protocols are safe with SSL 3.0, but only that you would need to develop a different approach to exploit the flaws in SSL 3.0.
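To answer the "how can I see the protocol version" part of the question locally, here is an added example (not from the answer above) that connects to each of the four port styles mentioned, implicit TLS on 993/465 and STARTTLS on 143/587, and reports the version your client actually negotiated; the host name is a placeholder.

```python
"""Report the TLS/SSL version negotiated with a mail server on the
implicit-TLS ports (993, 465) and via STARTTLS (143, 587).
Added example; MAIL_HOST is a placeholder, not a real provider."""
import imaplib
import smtplib
import socket
import ssl

MAIL_HOST = "mail.example.invalid"  # placeholder: replace with your provider

# Versions with known practical attacks; POODLE in particular needs SSLv3.
WEAK_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def classify_version(version):
    """Return 'weak', 'ok' or 'no-tls' for a string from SSLSocket.version()."""
    if version is None:
        return "no-tls"
    return "weak" if version in WEAK_VERSIONS else "ok"


def implicit_tls_version(host, port):
    """TLS from the first byte (IMAPS 993 / SMTPS 465); return negotiated version."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def starttls_imap_version(host, port=143):
    """Plain IMAP upgraded with STARTTLS; imaplib replaces conn.sock on success."""
    conn = imaplib.IMAP4(host, port)
    conn.starttls(ssl.create_default_context())
    version = conn.sock.version()
    conn.logout()
    return version


def starttls_smtp_version(host, port=587):
    """Plain SMTP upgraded with STARTTLS; smtplib replaces conn.sock on success."""
    with smtplib.SMTP(host, port, timeout=10) as conn:
        conn.starttls(context=ssl.create_default_context())
        return conn.sock.version()


if __name__ == "__main__":
    checks = [("IMAPS 993", lambda: implicit_tls_version(MAIL_HOST, 993)),
              ("SMTPS 465", lambda: implicit_tls_version(MAIL_HOST, 465)),
              ("IMAP+STARTTLS 143", lambda: starttls_imap_version(MAIL_HOST)),
              ("SMTP+STARTTLS 587", lambda: starttls_smtp_version(MAIL_HOST))]
    for label, probe in checks:
        try:
            v = probe()
            print(f"{label}: {v} ({classify_version(v)})")
        except (OSError, ssl.SSLError, imaplib.IMAP4.error, smtplib.SMTPException) as e:
            print(f"{label}: failed: {e}")
```

Because a current Python/OpenSSL build will not offer SSLv3 itself, this shows what a modern client ends up with, not whether the server would still accept SSLv3 from an older client; for that server-side question the scanner linked in the answer is the right tool.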