
I just installed an SSL certificate on my lighttpd server. When running some third-party tests they said that SSLv3 should be disabled for security reasons.

However, as my version doesn't support ssl.use-sslv3 = "disable" in the configuration file, I'm unsure of how to make the changes. It seems like 1.4.29 supports it but not 1.4.28.

Andreas

1 Answer


I agree with the tester that only TLS should be enabled.

Consider upgrading lighttpd and libssl. This may require a newer operating system. Given the age of lighttpd 1.4.28, this is a requirement for modern https security.

You can control the cipher list. See this article, Strong SSL Security on lighttpd, for an example of importing Mozilla OpSec's list. Beware that you are limited by OpenSSL version.

https://cipherli.st/ is the quick reference version for modern clients.

John Mahowald
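An added example, not part of the question or the answer above: a small audit that reads a lighttpd config and reports whether SSLv3 and SSLv2 are switched off and whether the cipher list still enables weak tokens. It assumes the 1.4.29 threshold for ssl.use-sslv3 mentioned in the question; the weak-token pattern and the sample config are constructed for illustration.

```python
import re

# Assumption (from the question above): ssl.use-sslv3 is understood from 1.4.29 on.
SSLV3_DIRECTIVE_SINCE = (1, 4, 29)
# Illustrative pattern for cipher tokens worth flagging; not an authoritative list.
WEAK_TOKEN = re.compile(r"RC4|MD5|DES|EXPORT|NULL")
# Matches uncommented lines such as:   ssl.engine = "enable"
DIRECTIVE = re.compile(r'^\s*(ssl\.[\w-]+)\s*=\s*"([^"]*)"')

def parse_ssl_directives(conf_text):
    """Collect ssl.* string settings; lines starting with '#' never match."""
    found = {}
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def audit(conf_text, version):
    """Return a list of findings for one lighttpd config and server version."""
    conf = parse_ssl_directives(conf_text)
    if conf.get("ssl.engine") != "enable":
        return ["ssl.engine is not enabled, nothing to audit"]
    findings = []
    if tuple(int(p) for p in version.split(".")) < SSLV3_DIRECTIVE_SINCE:
        findings.append("lighttpd %s predates ssl.use-sslv3: upgrade lighttpd and libssl" % version)
    elif conf.get("ssl.use-sslv3") != "disable":
        findings.append('SSLv3 not disabled: set ssl.use-sslv3 = "disable"')
    if conf.get("ssl.use-sslv2") != "disable":
        findings.append('SSLv2 not disabled: set ssl.use-sslv2 = "disable"')
    ciphers = conf.get("ssl.cipher-list")
    if ciphers is None:
        findings.append("no ssl.cipher-list: the OpenSSL default list applies")
    else:
        # Tokens prefixed with '!' or '-' remove ciphers, so they are not flagged.
        weak = [t for t in ciphers.split(":")
                if t and t[0] not in "!-" and WEAK_TOKEN.search(t)]
        if weak:
            findings.append("weak cipher tokens enabled: " + ", ".join(weak))
    return findings

# Constructed sample config (not from the post); the SSLv3 line is commented out.
SAMPLE = '''
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/server.pem"
    # ssl.use-sslv3 = "disable"
    ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:!aNULL:!MD5"
}
'''

if __name__ == "__main__":
    for v in ("1.4.28", "1.4.29"):
        print(v, audit(SAMPLE, v))
```

The audit only reads the configuration text; confirming what the running server actually negotiates still needs an external TLS test like the one mentioned in the question.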