- Disabling SSLv3 wherever possible
- Apply patches and updates from vendors, especially in cases where the SSLv3 cannot be disabled.
- Deploying support for TLS Signalling Cipher Suite Value (SCSV). SCSV prevents downgrading or fall-back attacks to SSLv3 or earlier versions in case of a man-in-the-middle attack.
- Disabling SSLv3 completely on both the server side and client side is the only sure way to deal with Man-in-the-middle attacks although doing so might cause problems to clients using SSLv3 on their browsers when accessing the servers.