First, let's just agree that supporting SSLv3 is no longer a good idea, and that all old versions of SSL should be disabled by default. In fact, if I could add one item to the Top 10 Hardcore Securi...
Updated the cipher string in the article to something a bit better:
"!SSLv2:!EXPORT:DHE+AES-GCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:-MD5:-SSLv3:-RC4"