As mentioned above, it will be necessary to enable SSLv3 explicitely if you are running recently published hotfixes. You can check the result of modified SSL cipher strings by using a CLI untility as described below:
tmm --clientcipher 'DEFAULT:SSLv3'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
1: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
2: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
5: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
6: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
7: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
8: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
9: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
10: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
11: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
12: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
13: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
14: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
15: 5 RC4-SHA 128 TLS1.1 Native RC4 SHA RSA
16: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA
17: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
18: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
19: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
20: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
21: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
22: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
23: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
24: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
25: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
26: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
27: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
28: 57 DHE-RSA-AES256-SHA 256 SSL3 Native AES SHA EDH/RSA
29: 56 DHE-DSS-AES256-SHA 256 SSL3 Native AES SHA DHE/DSS
30: 22 DHE-RSA-DES-CBC3-SHA 192 SSL3 Native DES SHA EDH/RSA
31: 51 DHE-RSA-AES128-SHA 128 SSL3 Native AES SHA EDH/RSA
32: 50 DHE-DSS-AES128-SHA 128 SSL3 Native AES SHA DHE/DSS
33: 21 DHE-RSA-DES-CBC-SHA 64 SSL3 Native DES SHA EDH/RSA
34: 9 DES-CBC-SHA 64 SSL3 Native DES SHA RSA
35: 53 AES256-SHA 256 SSL3 Native AES SHA RSA
36: 47 AES128-SHA 128 SSL3 Native AES SHA RSA
37: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA
38: 5 RC4-SHA 128 SSL3 Native RC4 SHA RSA
39: 4 RC4-MD5 128 SSL3 Native RC4 MD5 RSA
In the example above I added SSLv3 to the DEFAULT cipher alias and now these ciphers are available as well and show up with low prioprity at the end of the list.
By adding additional parameters you can exclude i.e. unwanted RC4 ciphers by using the exclamation mark:
tmm --clientcipher 'DEFAULT:SSLv3:!RC4'
If you found a applicable cipher string it will be necessary to adjust this parameter in the relevant client-ssl profile associated with the virtual server to terminate incoming SSL traffic.
Thanks