Description:
eFTL is vulnerable to the POODLE attack when used with the JavaScript client via a web
browser or node.js. Since the JavaScript client uses the underlying environment’s SSL
implementation, any vulnerabilities in that environment will apply to communications with the
eFTL server.

This will be addressed in eFTL 1.1.1 by disabling SSLv3 in the server. This fix will
be effective even with older versions of the client. As long as the server is version 1.1.1 or
newer, the connections will be secure against the POODLE attack.