Not to recommend the use of SSLv3 by any means, but just to point out that there is a single case (of many) where I was forced to make a software change to migrate to SSLv3, and if making a software change is not feasible for some business reason, this would make it necessary to retain Jetty support for SSLv3 for such a person.
My single case was... I hope I get this right...
Use of Jetty 9.2.x latest as a server, to a Java 6 client on Solaris 8. Java 7 is not available for Solaris 8. Solaris 8 is end-of-life, but the company I work for still has support contracts that stipulate that that the product will still still have support under Solaris 8. Java 6 on Solaris defaults to the SSLv3 Hello, and when I upgraded to Jetty 9.2.x latest from something like Jetty 9.2.1, everything worked fine except for the loadbuild machines support Solaris 8. Jetty 9 is being used as part of a web services frame work that is integrated with the loadbuild process.
First, I backed out the server upgrade to a Jetty version that didn't block SSLv3. This bought breathing room. Then, I researched and figure this all out. I updated the client to a newer version of Apache HttpClient that *also* blocked SSLv3, which caused the client to use TLSv1 Hello by default, which then allowed me to update the server to latest Jetty 9.2.x.
So, I'm not saying the change to Jetty was wrong. The default probably should be to block SSLv3. But, I think there can be an assumption made by people using latest technology, that everybody else can as well. Just because Google or some other company declares SSLv3 insecure, doesn't mean that it can be disabled without consequence. All change must be managed gracefully. I don't mind ripping the band-aid off, but there should be a way to let people purposefully keep the band-aid on a little longer if they need to. Now, maybe "stay on old Jetty" is an accept way to do this. But, it's still verging on imposing a general conclusion on every single situation out there, and that can result in pain for people. In my case, I didn't even realize there would be an impact and it was a production outage when it occurred. I did test all the common systems, but I missed testing Solaris 8...