Products | Versions |
---|---|
TIBCO Rendezvous | - |
Not Applicable | - |
Description:
Versions of Rendezvous up to and including 8.4.2 hot fix 4 are vulnerable to POODLE, but only in the
administrative web interface. Communications from clients to daemons, and between daemons,
that are configured to use SSL currently use TLSv1 only, so they are secure from the POODLE
vulnerability. Older web browsers may choose SSLv3 to communicate with the administrative
web interface, making this connection vulnerable. An active attacker could trick newer browsers
into using SSLv3.
This will be addressed in version 8.4.3. From that version on, SSLv3 will not
be accepted from browsers. Some very old browsers may lose their ability to connect to the RV
administrative web interface. In light of the POODLE vulnerability, these browsers should be
considered insecure, and we recommend strongly against their use in general.