In our previous post, we discussed POODLE and legacy SSLv3 clients. The best solution to POODLE is to disable SSLv3. However, SSLv3 often can’t be disabled because legacy clients only speak SSLv3....
I had one proposed solution. What about modifying client SSL profiles and changing the 'Cache Size' to a smaller value? This would require SSL renegotiation every X requests. So, wouldn't that provide a better alternative to removing ciphers? This is just a thought. I would be interested in hearing others' opinions on this.