Deadline coming up (June 30th 2018) to be PCI compliant.
If you are running an older web server with e-commerce, you should be
removing support for older ( i.e., anything pre-TLS 1.1 ) for now to be PCI compliant.
- so, remove SSL 3.0 and TLS 1.0... Might just go to TLS 1.2 to not have to keep doing this if you can.
You can check it with this one liner:
nmap --script ssl-enum-ciphers -p 443 yoursite.com
Since the client can be tricked to using lower levels - (and we know it will be impossible to force clients to update) - the server end needs to change to not have support for the lower level TLS.