POODLE (Padding Oracle On Downgraded Legacy Encryption.) is in the news these days, and the fix for it is the following:
Internet Storm Center link and the important parts:
Apache: Add -SSLv3 to the “SSLProtocol” line. It should already contain -SSLv2 unless you list specific protocols.
nginx: list specific allowed protocols in the “ssl_protocols” line. Make sure SSLv2 and SSLv3 is not listed. For example: ssl_protocols TLSv2 TLSv1.1 TLSv1.2;
Postfix: Disable SSLv3 support in the smtpd_tls_manadatory_protocols configuration line. For example: smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
Dovecot: similar, disable SSLv2 and SSLv3 in the ssl_protocols line. For example: ssl_protocols = !SSLv2 !SSLv3
HAProxy Server: the bind configuration line should include no-sslv3 (this line also lists allowed ciphers)
puppet: see https://github.com/stephenrjohnson/puppetmodule/commit/1adb73f9a400cb5e91c4ece1c6166fd63004f448 for instructions
The client software or browser also has settings to change – i.e. your browser as in Internet explorer, Chrome, and Firefox.
A good explanation is at Nakedsecurity.sophos.com, I like this image:
The SSLv3 is an old obsolete encryption technology, and we have to be aware of these things.