<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-15">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font face="Arial" size="2"><span style="font-size:10pt;">
<div>Hello,</div>
<div> </div>
<div>I have a pretty standard stunnel server configuration with
verify = 2 and clients, that don't speak TLS and can't easily
be upgraded to support TLS. So disabling SSLv3 leads to
handshake errors, I need to leave it enabled for now.</div>
<div>The SSL connection is always renegotiated, a proprietary
protocol is used inside SSL, and clients can be considered
safe.</div>
<div><font face="Calibri" size="2"><span style="font-size:11pt;"> </span></font></div>
<div>Can the poodle security flaw realistically be used by a man
in the middle to decrypt packets send over such an SSLv3
connection?<br>
If so, is there any other way to protect against the attack?<br>
</div>
<br>
Thank you.<br>
</span></font>
</body>
</html>