If your app is going to make HTTPS calls (act like a client) or for all Java apps using HTTPSUrlConnection
set the following system property java.lang.System.setProperty("https.protocols","TLSv1,TLSv1.1,TLSv1.2");
or
set the property before starting the application with java -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2" MyAPP
To disable SSLv3 in embedded Jetty(v9.x)
Setup the SslContextFactory
sslContextFactory.addExcludeProtocols("SSLv3");
sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_NULL_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5", "SSL_RSA_WITH_IDEA_CBC_SHA", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_DH_DSS_WITH_DES_CBC_SHA", "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DH_RSA_WITH_DES_CBC_SHA", "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", "SSL_DH_anon_WITH_RC4_128_MD5", "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "SSL_DH_anon_WITH_DES_CBC_SHA", "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA", "SSL_FORTEZZA_KEA_WITH_NULL_SHA", "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA", "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA", "SSL_DHE_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_AES_128_CBC_SHA");
For securing Tomcat 7
Follow the following steps
http://wiki.apache.org/tomcat/Security/POODLE
For protecting .NET WCF or client
HTTPS invocatons endpoints by forcing them to use TLS always.
Set it globally for each AppDomain via the System.Net.ServicePointManager.SecurityProtocol property when the application starts up.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;