Yesterday Google engineers published about one vulnerability in SSLv3 called POODLE (Padding Oracle On Downgraded Legacy Encryption). In words of Google, you can click in the Image for view the entire Google PDF about the issue:
"SSL 3.0 is nearly 18 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue."
The Zimbra team was working hard yesterday after the Google announcement, and we wrote a Wiki Page for Fix this issue in Zimbra Collaboration 7.x, 8.0.x and 8.x. The Wiki page is in constant evolution and we will provide more information or steps, when we will test it before. Please, click here to go to the Wiki Page.
UPDATE 10/17/2014: Zimbra Official Blog article about POODLE - http://community.zimbra.com/zblogs/b/teamblog/archive/2014/10/16/poodle-and-sslv3
UPDATE 10/18/2014: The Wiki Page for the POODLE vulnerabilty, was updated with more information about POP3S and IMAPS, for now you can disable them if you have the Proxy Service enabled, if not, if you secure the HTTPS protocol is enough. SSLv3 will be deprecated in future releases. Please, keep tuned with the new information in the Wiki Article.
Update 10/22/2014: Partial Fix for our customers and users that are running 7.x version, please go to the Wiki Article and take a look.