Disable TLSv1.0 and 1.1 by default
Just add !TLSv1 into the standard configations for a new server. Nowadays there are only a few services left who use this.... This gives you a better ranking in most certifiers for a good crypography
//... ssl_protocols = !SSLv3 !TLSv1 //...