How To Fix SSL Poodle Vulnerability

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It is a protocol vulnerability in SSL version 3 that allows a man-in-the-middle attacker to decrypt encrypted communication using a padding oracle attack.

Who is Affected?
  • All systems that support SSLv3 are vulnerable.
  • Affects clients and servers that allow fallback from TLS to SSLv3.
  • Common affected software:
    • Web browsers
    • Web servers
    • Mail servers
    • VPN servers
  • TLS (Transport Layer Security) is not affected.
Workarounds / Fixes
  • Disable SSL 3.0 on clients.
  • Disable SSL 3.0 on servers.
  • Disable CBC cipher suites if SSL 3.0 must remain enabled.
  • Implement TLS protocol extension to prevent forced downgrade attacks.

Prevention steps to be followed for Apache Web Server

To disable SSLv3 on the Apache web server, you will have to adjust the SSLProtocol directive provided by the mod_ssl module. This directive can be set either at the server level or in a virtual host configuration. Depending on your distribution's Apache configuration, the SSL configuration may be located in a separate file that is sourced.

On Ubuntu, the server-wide setting is in /etc/apache2/mods-available/ssl.conf. If mod_ssl is enabled, a symbolic link connects this file to the mods-enabled subdirectory:
sudo nano /etc/apache2/mods-available/ssl.conf

On CentOS, the equivalent file (if SSL is enabled) is /etc/httpd/conf.d/ssl.conf:
sudo nano /etc/httpd/conf.d/ssl.conf

Inside, find the SSLProtocol directive. If it is not present, create it. Modify it to explicitly remove support for SSLv3 (and SSLv2):
SSLProtocol all -SSLv3 -SSLv2

Save and close the file, then restart the service to enable your changes. On Ubuntu:
sudo service apache2 restart

On CentOS:
sudo service httpd restart

Prevention steps to be followed for Windows Server

In Windows Server 2003 to 2012 R2, the SSL/TLS protocols are controlled by flags in the registry set at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols

To disable SSLv3, create a subkey at the above location named SSL 3.0 and, under that, a subkey named Server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server

Create a DWORD value named Enabled and leave it set at 0.

To disable SSLv2, create a subkey at the above location named SSL 2.0 and, under that, a subkey named Server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server

Create a DWORD value named Enabled and leave it set at 0.

This is not tested on all versions, but it is likely a reboot is necessary for this change to take effect.

Prevention steps to be followed on HAProxy Load Balancer

To disable SSLv3 in an HAProxy load balancer, you will need to open the haproxy.cfg file.

This is located at /etc/haproxy/haproxy.cfg:
sudo nano /etc/haproxy/haproxy.cfg

In the frontend configuration, if you have SSL enabled, your bind directive will specify the public IP address and port. If you are using SSL, you will want to add no-sslv3 to the end of this line:
frontend name
    bind public_ip:443 ssl crt /path/to/certs no-sslv3
Save and close the file.
You will need to restart the service to implement the changes:
sudo service haproxy restart

Prevention steps to be followed on Nginx Web Server

To disable SSLv3 in the Nginx web server, you can use the ssl_protocols directive. This will be located in the server or http blocks in your configuration.
For instance, on Ubuntu, you can either add this globally to /etc/nginx/nginx.conf inside of the http block, or to each server block in the /etc/nginx/sites-enabled directory.
sudo nano /etc/nginx/nginx.conf

To disable SSLv3, your ssl_protocols directive should be set like this:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
You should restart the server after you have made the above modification:
sudo service nginx restart
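Once the Apache, HAProxy and Nginx directives above are in place, it is worth auditing them rather than trusting that the edit took. The following is an added example, not code from the original article: it applies each server's own directive semantics (mod_ssl's +/- handling for SSLProtocol, Nginx's explicit allow-list, HAProxy's no-sslv3 bind keyword) to constructed sample lines and reports which still accept SSLv3. The sample directives and the 203.0.113.10 address are constructed for illustration.

```python
# Constructed sample directives mirroring the settings this page tells you to apply;
# the "_old" entries are the pre-fix forms. Audit logic is an added example, not
# code from the original article.
SAMPLES = {
    "apache_fixed":  "SSLProtocol all -SSLv3 -SSLv2",
    "apache_old":    "SSLProtocol all",
    "nginx_fixed":   "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;",
    "nginx_old":     "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;",
    "haproxy_fixed": "bind 203.0.113.10:443 ssl crt /path/to/certs no-sslv3",
    "haproxy_old":   "bind 203.0.113.10:443 ssl crt /path/to/certs",
}

# What mod_ssl's 'all' shortcut expands to (newer releases drop SSLv2 entirely,
# which does not change the SSLv3 verdict below).
ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def apache_sslv3_enabled(directive):
    """mod_ssl SSLProtocol semantics: a bare name replaces the enabled set,
    '+name' adds to it, '-name' removes from it; 'all' is every version."""
    enabled = set()
    for tok in directive.split()[1:]:
        name = tok.lstrip("+-").lower()
        versions = set(ALL) if name == "all" else {name}
        if tok.startswith("-"):
            enabled -= versions
        elif tok.startswith("+"):
            enabled |= versions
        else:
            enabled = versions
    return "sslv3" in enabled

def nginx_sslv3_enabled(directive):
    """ssl_protocols is an explicit allow-list: SSLv3 is on only if named."""
    names = directive.rstrip(";").split()[1:]
    return "sslv3" in (n.lower() for n in names)

def haproxy_sslv3_enabled(bind_line):
    """A TLS-terminating bind line keeps SSLv3 unless 'no-sslv3' is present.
    Global ssl-default-bind-options are outside this single-line check."""
    words = bind_line.split()
    return "ssl" in words and "no-sslv3" not in words

def audit(samples):
    """Return the names of the sample entries that still accept SSLv3."""
    checks = {"apache": apache_sslv3_enabled, "nginx": nginx_sslv3_enabled,
              "haproxy": haproxy_sslv3_enabled}
    return sorted(k for k, line in samples.items() if checks[k.split("_")[0]](line))

if __name__ == "__main__":
    print("still accepting SSLv3:", audit(SAMPLES))  # ['apache_old', 'haproxy_old', 'nginx_old']
```

Point the functions at the real lines from your own ssl.conf, haproxy.cfg or nginx.conf to confirm the fix before restarting the service.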
