Here is the information about POODLE for all McAfee Products - https://kc.mcafee.com/agent/index?page=content&id=SB10090
As for the SHA2 - We’ll have no problems verifying a certificate signature that uses SHA-256 or better as the hashing algorithm.
I've got the following from McAfee support.
I am going to test it on the next couple of days.
Hope it helps
Currently the McAfee Email Gateway (MEG) only allows SHA-1 from the management console. On the command line the current version of openssl (1.0.1e-fips) actually defaults to using SHA-2 for signing requests.
Log on via SSH on the backend of the appliance.
1. First create a private key with the filename of privatekey.pem
openssl genrsa -out privatekey.pem 2048
openssl genpkey -algorithm RSA -out privatekey.pem -pkeyopt rsa_keygen_bits:2048
2. Use the private key to create a CSR with the filename of sha256.csr
Note: It would probably be best to limit it to sha256
openssl req -new -sha256 -nodes -key privatekey.pem -out sha256.csr
3. To verify, you can run this command
$ openssl req -noout -text -in sha256.csr | grep -E "Signature|Public-Key"
Public-Key: (2048 bit)
Signature Algorithm: sha256WithRSAEncryption
You are specifically looking for the line “Signature Algorithm: sha256Wit