Hi, > Alan has pointed out that SSLv3 is disabled, but in any event > exploiting POODLE requires forcing the client to make variable > content SSLv3 requests. It's tricky to see how that could be > achieved with EAP clients. well, I wouldnt be surpised with some clients ;-) alan