I definitely support a more secure default and would not only disable SSLv3
I have been using the following ssl.conf settings for about 2 years for just about anything.
Gets me an A+ rating on Qualys and only kicks veeeery old clients, like Android v2, Win XP with IE8 and the like. No matter what application, that conf never failed on me.
As a default, enforcing HSTS might be a little bit too much…
…
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLHonorCipherOrder on
SSLInsecureRenegotiation off
SSLCompression Off
Header always set Strict-Transport-Security "max-age=15768000"
…
Cheers
Juri
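
A way to check an ssl.conf fragment against the settings in the post above. This is an added example, not part of the original post: the function names, the WEAK sample and the name-matching heuristic (plain substring checks on cipher names, not OpenSSL's own cipher-string expansion) are assumptions made for illustration.

```python
import re
# Directives from the post (straight quotes) and a constructed weak config for contrast.
POSTED = '''SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLHonorCipherOrder on
SSLInsecureRenegotiation off
SSLCompression Off
Header always set Strict-Transport-Security "max-age=15768000"
'''
WEAK = "SSLProtocol all -SSLv2\nSSLCipherSuite HIGH:MEDIUM:RC4-SHA\nSSLCompression on\n"
WEAK_NAMES = ("NULL", "EXP", "DES", "RC4", "MD5", "PSK")  # families the post excludes

def parse(conf):
    """Return {directive_lowercased: [argument strings]} for non-comment lines."""
    out = {}
    for line in conf.splitlines():
        name, _, args = line.strip().partition(" ")
        if name and not name.startswith("#"):
            out.setdefault(name.lower(), []).append(args.strip())
    return out

def audit(conf):
    """Return a list of findings; an empty list means the fragment matches the post."""
    d, findings, legacy = parse(conf), [], set()
    last = lambda key: d.get(key, [""])[-1]  # last occurrence of a directive wins
    for tok in last("sslprotocol").lower().split():
        if tok == "all":
            legacy |= {"sslv2", "sslv3"}
        elif tok.startswith("-"):
            legacy.discard(tok[1:])
        elif tok.lstrip("+") in ("sslv2", "sslv3"):
            legacy.add(tok.lstrip("+"))
    findings += [f"SSLProtocol leaves {p} enabled" for p in sorted(legacy)]
    for suite in last("sslciphersuite").split(":"):
        if suite and suite[0] not in "!-" and any(w in suite.upper() for w in WEAK_NAMES):
            findings.append(f"SSLCipherSuite allows {suite}")
    if last("sslhonorcipherorder").lower() != "on":
        findings.append("SSLHonorCipherOrder is not on")
    findings += [f"{k} is on" for k in ("sslcompression", "sslinsecurerenegotiation")
                 if last(k).lower() == "on"]
    return findings

def hsts_max_age(conf):
    """Return the HSTS max-age in seconds from a Header directive, or None if unset."""
    for args in parse(conf).get("header", []):
        m = re.search(r'Strict-Transport-Security\s+"[^"]*max-age=(\d+)', args, re.I)
        if m:
            return int(m.group(1))
    return None
```

HSTS is reported separately from the findings because the post treats it as optional for a default; 15768000 seconds is 182.5 days.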