Forum OpenACS CMS: Re: "This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO"
One should probably deactivate SSLv3 by default (with the cost, that some old SSL clients might fail). I will update the default configuration on bitbucket to the more secure setting.
The security rating of openacs.org (running NaviServer 4.99.17) is A+. You should be able to get the same.