SSLv3 is now insecure (CVE-2014-3566, POODLE) Let's disable SSLv3 by default, at least trunk.
SSLProtocol default is "all". <http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslprotocol> "all" means "a shortcut for ``+SSLv3 +TLSv1'' or - when using OpenSSL 1.0.1 and later - ``+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2, respectively." Should we remove SSLv3 from "all" ?
