First, as a web site operator:
I haven’t got the new version build with 1.0.1j from Apache Lounge yet, so I’ve done the workaround I read on “SSL v3 goes to the dogs – POODLE kills off protocol”.
I added the
SSLProtocol All -SSLv3 to my httpd-ssl.conf and restarted the httpd.exe. Before this, SSL Server Test gave me “This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C”. But after this, it gave me “This server is not vulnerable to the POODLE attack because it doesn’t support SSL 3”.
Second, as a user:
I did the following workaround. See “How to protect your browser”.