I'm still reading the details but it is rumored that the exploit is a weakness in the protocol spec of SSLv3 itself, so any service using the SSLv3 protocol according to the spec should be vulnerable :-(
So the question is now how to disable SSLv3 protocol for openfire?
Regards
Andreas