Configuration High Data security is at risk due to multiple known weaknesses in SSL 3.0. This includes the POODLE attack, which could allow decryption of sensitive data, such as session cookies. It should be noted that an attacker with MITM capabilities may be able to force clients to use SSL 3.0. Remove support for SSLv3. Mozilla has recommended settings for Apache, Nginx, Haproxy and others. These settings include explicitly supporting TLS (while excluding SSLv2, SSLv3). See guide below. It is likely that the HTTPS server must be restarted for any configuration change to take effect. Vega detected server support for SSL 3.0. This version of the protocol has numerous known weaknesses and is considered deprecated in favor of newer versions of TLS. Some of the known weaknesses can result in a compromise of sensitive data such as user session tokens. POODLE Attacks on SSLv3 (ImperialViolet) Sever Side TLS (Mozilla) Transport Layer Security - SSL 3.0 HTTPS (Wikipedia)