Earlier today, Google announced a vulnerability in SSL called POODLE, which is short for Padding Oracle On Downgraded Legacy Encryption. The vulnerability can be exploited through a man-in-the-middle attack, and allows an attacker to decrypt ciphertext by using a padding oracle side-channel attack.
As this is a new vulnerability, there are no patches available yet, so the recommendation to mitigate the attack is to disable SSL 3.0 and use TLS (ideally TLS version 1.2 over 1.1 or 1.0), as the vulnerability does not affect TLS. It is, however, not implementation-specific: it is a flaw in the design of the technology itself, so it is not limited to OpenSSL etc.
How to test to see if you are running SSL 3.0
nmap --script ssl-enum-ciphers -p 443 IP_Address_or_domain.tld
What you want to see is…
*SSLv3: No supported ciphers found*
How to disable SSL 3.0 in Nginx
In the Nginx configuration, add this line after the line that reads “ssl on”:
*ssl_protocols TLSv1.2 TLSv1.1 TLSv1;*
How to disable SSL 3.0 in Apache
In your Apache configuration file, add the following line among the other SSL directives and then restart Apache:
SSLProtocol All -SSLv2 -SSLv3
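To confirm that a configuration file actually carries one of the two directives above in a form that excludes SSL 3.0, the following added example (not part of the original post) scans config text for `ssl_protocols` and `SSLProtocol` lines. The function names and sample lines are constructed for illustration, and the Apache token handling is a simplified model that assumes `All` includes SSLv3 (as the directive above implies) and that a token without `+`/`-` replaces the protocols set before it.

```python
def _apache_allows_sslv3(tokens):
    """Walk SSLProtocol tokens left to right, tracking only SSLv3."""
    enabled = False
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok.lstrip("+-").lower()
        if name in ("all", "sslv3"):
            enabled = sign != "-"      # "-SSLv3" / "-all" switch it off
        elif sign == "":
            enabled = False            # bare token replaces the earlier set
    return enabled


def audit(conf_text):
    """Return [(line_no, directive, allows_sslv3)] for each protocol line."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        # Drop comments and the nginx statement terminator before splitting.
        words = raw.split("#", 1)[0].replace(";", " ").split()
        if not words:
            continue
        if words[0] == "ssl_protocols":                 # nginx
            allowed = "sslv3" in [w.lower() for w in words[1:]]
            findings.append((no, "ssl_protocols", allowed))
        elif words[0].lower() == "sslprotocol":         # Apache mod_ssl
            findings.append((no, "SSLProtocol",
                             _apache_allows_sslv3(words[1:])))
    return findings


# Constructed sample: weak and corrected lines for both servers.
SAMPLE = """\
ssl on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
SSLProtocol All -SSLv2
SSLProtocol All -SSLv2 -SSLv3
# SSLProtocol All
"""

if __name__ == "__main__":
    for no, directive, allowed in audit(SAMPLE):
        status = "SSLv3 STILL ENABLED" if allowed else "ok"
        print(f"line {no}: {directive}: {status}")
```

A file with no matching directive returns an empty list, which means the server's built-in default applies and should be checked with the nmap command above.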