Oracle recommends that users and developers disable use of the SSLv3 protocol.
Referenced from release notes:
At the bottom of the article is a suggested approach in code to use to disable SSLv3 explicitly by default. Nexus should do this as well by default for outbound requests.
Only apply this default exclusion in case where https.protocols system property is not set. ( per