There are *no* secure SSLv3 ciphers. If you need to support it (for legacy clients), then best you can do is use the "poodle patch," the SCSV indicator which will at least prevents clients that are capable of more from being downgraded.