Test if SSLv3 is available.
$ openssl s_client -connect ipduh.com:443 -ssl3
In Debian SSLv2 is disabled by default but SSLv3 is available.
# grep SSLProtocol /etc/apache2/mods-available/ssl.conf SSLProtocol all -SSLv2
To disable SSLv3 add '-SSLv3' in /etc/apache2/mods-available/ssl.conf
# vi /etc/apache2/mods-available/ssl.conf
If you are using SSL Virtual Hosts you may need to add
SSLProtocol All -SSLv2 -SSLv3in each VirtualHost definition.
Restart Apache
# /etc/init.d/apache2 restart
Test again if SSLv3 is disabled.
$ openssl s_client -connect ipduh.com:443 -ssl3 CONNECTED(00000003) 140330958718632:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 140330958718632:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
apache disable SSLv3