What about this;
http://docs.oracle.com/cd/E28280_01/web.1111/e13707/ssl.htm#SECMG384
However any device which still uses sslv3 (and can't use sslv2), uses expired certificates which can't be updated should be accessed via plain http and proxied by a secure endpoint (such as nginx), if such (upstream) link is not considered secure enough tunnel this via vpn/ipsec or a simple stunnel.
http://docs.oracle.com/cd/E28280_01/web.1111/e13707/ssl.htm#SECMG384
However any device which still uses sslv3 (and can't use sslv2), uses expired certificates which can't be updated should be accessed via plain http and proxied by a secure endpoint (such as nginx), if such (upstream) link is not considered secure enough tunnel this via vpn/ipsec or a simple stunnel.