Details
Description
Poodle attack described here: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
More user friendly description here: http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
My thinking is we currently fix this for 3.0.1 and then create an MB to backport to 2.5.2 whenever that ships.
Suggested fix: remove SSL v3 support in the versions the server SSL socket supports.