Disable SSLv3 (POODLE)

Related: #3131

Motivation:

To prevent users from accidentally enabling SSLv3 and making their
services vulnerable to POODLE, disable SSLv3 when SSLEngine is
instantiated via SslContext.

Modification:

- Disable SSLv3 for JdkSslContext and OpenSslServerContext

Result:

Saner default set of protocols

src/main/java/org/jboss/netty/handler/ssl/JdkSslContext.java

@@ -54,7 +54,7 @@ public abstract class JdkSslContext extends SslContext {
         List<String> protocols = new ArrayList<String>();
         addIfSupported(
                 supportedProtocols, protocols,
-                "TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3");
+                "TLSv1.2", "TLSv1.1", "TLSv1");
 
         if (!protocols.isEmpty()) {
             PROTOCOLS = protocols.toArray(new String[protocols.size()]);

src/main/java/org/jboss/netty/handler/ssl/OpenSslServerContext.java

@@ -174,6 +174,7 @@ public final class OpenSslServerContext extends SslContext {
 
                 SSLContext.setOptions(ctx, SSL.SSL_OP_ALL);
                 SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SSLv2);
+                SSLContext.setOptions(ctx, SSL.SSL_OP_NO_SSLv3);
                 SSLContext.setOptions(ctx, SSL.SSL_OP_CIPHER_SERVER_PREFERENCE);
                 SSLContext.setOptions(ctx, SSL.SSL_OP_SINGLE_ECDH_USE);
                 SSLContext.setOptions(ctx, SSL.SSL_OP_SINGLE_DH_USE);