diff --git a/manifests/mod_ssl.pp b/manifests/mod_ssl.pp
index a2e2a44c8e677ae858607f56169468f6ec3e5833..15233c690e8496d4739fb53498d141115679add6 100644
--- a/manifests/mod_ssl.pp
+++ b/manifests/mod_ssl.pp
@@ -21,6 +21,8 @@ class apache::mod_ssl
 	'SSLRandomSeed startup'	 => 'file:/dev/urandom 256',
 	'SSLRandomSeed connect'	 => 'builtin',
 	'SSLCryptoDevice'	 => 'builtin',
+	# Both SSLv2 and SSLv3 are broken, security-wise
+	'SSLProtocol'		 => 'all -SSLv2 -SSLv3',
     }
     package {
 	'mod_ssl':