TIBCO Enterprise Message Service and the POODLE Vulnerability


Article ID: KB0093377


Products                              Versions
TIBCO Enterprise Message Service      -
Not Applicable                        -

Description

EMS customers do not need to take any action to remain secure from the POODLE vulnerability. 

The easiest way to protect an SSL connection from the POODLE vulnerability is to use TLSv1 or later and to disable SSLv3.
Every version of the EMS server that supports SSL negotiates TLSv1 with every version of the EMS client that supports SSL. This means that all versions of EMS are secure against POODLE.

If you run a penetration test or a protocol scanner against the EMS server, you may find that the server still accepts SSLv3 connections (a scanner that deliberately offers only SSLv3 will complete an SSLv3 handshake). However, this does not present a problem for EMS clients:

- Both the server and the client are coded to prefer TLSv1, so any connection between legitimate EMS participants will either succeed as TLSv1 or fail entirely.

- Unlike web browsers, the EMS client does not retry connections with successively older protocols. So the client cannot be tricked into using SSLv3 by interfering with connection attempts.

As long as certificates are used properly on the server end (so the client verifies the server's identity), there is no way to launch either an active or a passive man-in-the-middle (MITM) attack on EMS based on the POODLE vulnerability.
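To make the two bullet points above concrete, here is an added simulation (example code, not TIBCO's or EMS's own code) of SSL/TLS version negotiation under an active attacker. The attacker model is the POODLE downgrade dance: every handshake that offers anything newer than SSLv3 is broken (for example with a TCP reset) before the ServerHello arrives. A browser-style client that falls back to an older protocol after each failure ends up on SSLv3; a client that makes a single TLSv1 attempt, as the EMS client does, either gets TLSv1 or fails outright. The Server, fallback_client and strict_client names and the version strings are this example's own assumptions.

```python
# Added example (not TIBCO/EMS code): simulated SSL/TLS version negotiation
# showing why a client that retries with older protocols can be downgraded to
# SSLv3 by an active attacker, while a client that makes one TLSv1 attempt
# either negotiates TLSv1 or fails entirely.

from typing import Callable, Optional, Sequence

SSLV3 = "SSLv3"
TLSV1 = "TLSv1"
TLSV12 = "TLSv1.2"

# Oldest to newest, so versions can be compared by position.
VERSION_ORDER = [SSLV3, TLSV1, TLSV12]


def _rank(version: str) -> int:
    return VERSION_ORDER.index(version)


class Server:
    """A server that accepts any of its configured protocol versions
    (modelled on an EMS server that still answers SSLv3 but prefers TLSv1)."""

    def __init__(self, supported: Sequence[str]):
        self.supported = set(supported)

    def server_hello(self, client_max: str) -> Optional[str]:
        # Normal negotiation: the highest version both sides support,
        # or None if there is no common version.
        candidates = [v for v in self.supported if _rank(v) <= _rank(client_max)]
        if not candidates:
            return None
        return max(candidates, key=_rank)


# Interference model: given the version the client offered, return True when
# the attacker kills that handshake so the client never sees the ServerHello.
Interference = Callable[[str], bool]


def no_interference(_version: str) -> bool:
    return False


def kill_anything_above_sslv3(version: str) -> bool:
    # The POODLE downgrade trick: break every handshake except SSLv3.
    return _rank(version) > _rank(SSLV3)


def fallback_client(server: Server, attacker: Interference,
                    versions: Sequence[str] = (TLSV12, TLSV1, SSLV3)) -> Optional[str]:
    """Browser-style client: on a failed handshake, retry with the next older
    protocol. Returns the negotiated version, or None if every attempt failed."""
    for offered in versions:
        if attacker(offered):
            continue  # handshake broken; fall back and try again
        return server.server_hello(offered)
    return None


def strict_client(server: Server, attacker: Interference,
                  offered: str = TLSV1) -> Optional[str]:
    """EMS-style client as described above: one attempt at the preferred
    version and no retry with an older protocol."""
    if attacker(offered):
        return None  # the connection fails entirely
    negotiated = server.server_hello(offered)
    # Refuse anything older than the version we asked for.
    if negotiated is not None and _rank(negotiated) < _rank(offered):
        return None
    return negotiated


if __name__ == "__main__":
    # Constructed scenario: server still accepts SSLv3 but prefers TLSv1.
    ems_like = Server([SSLV3, TLSV1])
    print("no attacker, fallback client :", fallback_client(ems_like, no_interference))
    print("no attacker, strict client   :", strict_client(ems_like, no_interference))
    print("attacker,    fallback client :", fallback_client(ems_like, kill_anything_above_sslv3))
    print("attacker,    strict client   :", strict_client(ems_like, kill_anything_above_sslv3))
```

The last two lines of the demo are the point: under attack the fallback client silently negotiates SSLv3 (the precondition for POODLE's padding-oracle attack), while the strict client returns no connection at all. Disabling SSLv3 on the server (a Server built with [TLSV1] only) closes the downgrade path even for fallback clients.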


Customers of EMSCA should not be concerned. The POODLE vulnerability is a weakness in SSLv3, and EMSCA does not use SSL for web clients.
