[yuhong]

If you are on Windows Server 2003, install https://technet.microsoft.com/en-us/library/security/ms10-02... with /b:SP2QFE, otherwise your mail server may stop working. (Yes, installing https://support.microsoft.com/en-us/kb/957047 should do this for you, but this is safer especially considering how Server 2003 don't use CBS servicing)

[aexaey]

Thank you for mentioning this. I was really struggling to understand reasons for not dropping SSL3 much, much earlier.

[gram657]

I guess google's first move was to start identifying mail sent in cleartext with the unlocked red padlock symbol. That was in February 2016. This is stage 2.

[yuhong]

This is not about SSLv3, this is about CBC ciphersuites. But yes I should mention that IBM Domino used to be SSLv3 only.