Padding Oracle On Downgraded Legacy Encryption, aka POODLE (CVE-2014-3566), is an attack against the SSL 3.0 protocol, a predecessor of the current TLS 1.x protocols. SSL 3.0 is outdated; TLS 1.0, 1.1, and 1.2 are specified, have been implemented for a while, and also include better encryption algorithms. There is no reason to use SSL 3.0 anymore, as long as all components of an application support at least TLS 1.0.
This is true for soft-phones that run on Windows Vista/Server 2008 or later, so it is no problem for Lync 2010/2013 (server and client). But what about Lync Phone Edition? The devices run Windows Embedded CE 6.0 on an ARM platform. So what about disabling SSL 3.0 with regard to desktop IP phones running Lync Phone Edition? This is the question that I was confronted with.
You can simply test it, but here is some background information that I was not able to find when I searched for it, which gave me a reason to write this article.