I've been using imap with openssl happily for about 15 years.
Recently it stopped working with a very well-known mail host. A friend who is usually on top of these things tells me that there is a vulnerability named "poodle" when using the -ssl3 option of openssl s_client and one should now have at the top of the list
imap-ssl-program (in imap.el) the following:
"openssl s_client -quiet -tls1 -connect %s:%p"
He hastens to point out that the option -tls1 does not mean that one is using tls rather than ssl -- a statement that means little to me.
Meanwhile, without the latest imap.el one can patch this easily enough in .gnus by cons-ing the new string into imap-ssl-program AFTER manually loading imap.