--- /dev/null
+diff -dur ejabberd-13.10.orig/deps/p1_tls/c_src/p1_tls_drv.c ejabberd-13.10/deps/p1_tls/c_src/p1_tls_drv.c
+--- ejabberd-13.10.orig/deps/p1_tls/c_src/p1_tls_drv.c 2013-07-17 13:50:12.000000000 +0200
++++ ejabberd-13.10/deps/p1_tls/c_src/p1_tls_drv.c 2013-11-16 15:29:02.705022418 +0100
+@@ -44,7 +44,7 @@
+ #define SSL_OP_NO_TICKET 0
+ #endif
+
+-#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2"
++#define CIPHERS "DEFAULT:!EXPORT:!LOW:!SSLv2:!3DES"
+
+ /*
+ * R15B changed several driver callbacks to use ErlDrvSizeT and
+@@ -490,11 +490,11 @@
+ SSL_set_bio(d->ssl, d->bio_read, d->bio_write);
+
+ if (command == SET_CERTIFICATE_FILE_ACCEPT) {
+- SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET|SSL_OP_ALL);
++ SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET|SSL_OP_ALL);
+
+ SSL_set_accept_state(d->ssl);
+ } else {
+- SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
++ SSL_set_options(d->ssl, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
+ SSL_set_connect_state(d->ssl);
+ }
+ break;