The combination of Logstash Forwarder and Lumberjack input (and output) was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on filling out the CVE. Thanks to Tray Torrance, Marc Chadwick, and David Arena for reporting this.
SSLv3 is no longer supported; TLS 1.0+ is required (compatible with Logstash 1.4.2+).